CEHv8 BOOTCAMP: MODULE 03-SCANNING NETWORKS_SET-2

Question 1

How can creating fragmented packets help attackers?

Answer 1

To bypass firewalls and IDS systems in a network.

Question 2

IPv6 increases the IP address size from _____ to _____, to support more levels of addressing hierarchy.

Answer 2

32 bits to 128 bits.

Question 3

With IPv6 why will traditional network scanning techniques be computationally less feasible?

Answer 3

Due to larger search space (64 bits of host address space 264 address) provided by IPv6 in a subnet.

Question 4

Besides being more difficult to scan in IPv6 networks and complex than the IPv4, how else do IPv6 and IPv4 differ?

Answer 4

Major scanning tools such as Nmap do not support ping sweeps on IPv6 networks.

Question 5

Where do attackers need to harvest IPv6 addresses from?

Answer 5

• Network traffic
• Recorded logs
• Received from
• And other header lines in archived email or Usenet news messages

Question 6

Since IPv6 can offer a large number of hosts in a subnet, and if an attacker can compromise 1 host. What can the attacker probe?

Answer 6

The “all hosts” link local multicast address.

Question 7

What can Network administrators use NMAP for?

Answer 7

• Network inventory
• Managing service upgrade schedules
• Monitoring host or service uptime

Question 8

What kind of information can attackers use Nmap to extract?

Answer 8

• Live hosts on the network
• Services (application and version)
• Type of packet filter/firewalls
• Operating systems and OS versions

Question 9

What Operating System(s) do Hping2/Hping3 run on?

Answer 9

• Windows

* Linux operating systems

Question 10

What is Hping2/Hping3?

Answer 10

• Command line packet crafter for the TCP/IP protocol.

* Tool for security auditing and testing firewall and networks.

Question 11

What are 8 scanning techniques?

Answer 11

• TCP Connect/Full Open Scan
• Stealth Scan
• IDLE Scan
• ICMP Echo Scanning/List Scan
• SYN/FIN Scanning Using IP Fragments
• UDP Scanning
• Inverse TCP Flag Scanning
• ACK Flag Scanning

Question 12

What are 4 types of Stealth Scans?

Answer 12

• SYN Scan
• XMAS Scan
• FIN Scan
• NULL Scan

Question 13

When a TCP Connect scan completes a 3-way handshake it can detect, what?

Answer 13

When a port is open.

Question 14

A TCP Connect scan establishes a full connection and then tears it down by sending what packet?

Answer 14

A RST packet.

Question 15

Why would an attacker use a Stealth Scan (Half-open Scan)?

Answer 15

• To bypass firewall rules.
• Logging mechanism.
• Hide themselves as usual traffic.

Question 16

What is the Stealth scan process?

Answer 16

• Client sends a single SYN packet to the server on the appropriate port.
• If the port is Open then the server response with a SYN/ACK packer.
• If the server responds with a RST packet, then the remote port is in the Closed state.
• The client sends the RST packet to close the initiation before a connection can ever be established.

Question 17

What flags are set during a XMAS scan?

Answer 17

• URG
• ACK
• RST
• SYN
• PSH
• FIN

Question 18

How do FIN scans work?

Answer 18

Attackers send a TCP frame to a remote host with only FIN flags set.

Question 19

What is indicated when a FIN scan returns no response?

Answer 19

Port is Open.

Question 20

What is indicated when a FIN scan returns a RST/ACK?

Answer 20

Port is Closed.

Question 21

How do NULL scans work?

Answer 21

Attacker sends a TCP frame to a remote host with NO Flags