CEHv8 BOOTCAMP: MODULE 03-SCANNING NETWORKS_SET-3 Flashcards

1
Q

What is an ICMP Echo Scanning/List Scan?

A

A type of scan that simply generates and prints a list of IPs/Names without actually pinging or port scanning them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In a UDP Scan, if a UDP port is open, what is returned?

A

No response.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In a UDP Scan, if a UDP port is closed, what is returned?

A

ICMP port unreachable message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is ACK Flag Scanning?

A

A Scan where the attacker sends an ACK probe packet with a random sequence number.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are some port scanning countermeasures?

A
  • Configure firewall and IDS rules to detect and block probes.
  • Use custom rule set to lock down the network and block unwanted ports at the firewall.
  • Hide sensitive information from public view.
  • Filter all ICMP messages at the firewalls and routers.
  • Ensure that mechanism used for routing and filtering at the routers and firewalls respectively cannot bypassed using particular source ports or source-routing methods.
  • Perform TCP and UDP scanning along with ICMP probes against your organization’s IP address space to check the network configuration and its available ports.
  • Ensure that the router, IDS, and firewall firmware are updated to their latest releases.
  • Ensure that the anti scanning and anti spoofing rules are configured.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are some IDS Evasion Techniques?

A
  • Use fragmented IP packets.
  • Spoof your IP address when launching attacks and sniff responses from server.
  • Use source routing (if possible).
  • Connect to proxy servers of compromised trojaned machines to launch attacks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Banner Grabbing?

A

The method to determine the operating system running on a remote target system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Why would an attacker use banner grabbing?

A

To figure out the vulnerabilities the system posses and the exploits that might work on a system to further carry out additional attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are 4 banner grabbling tools?

A
  • ID Serve
  • Netcraft
  • Netcat
  • Telnet
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are some banner grabbing countermeasures?

A
  • Display false banners
  • Turn off unnecessary services
  • Disable or change banner information
  • Change ServerSignature line to ServerSignatureOff in httpd.conf
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What can file extensions reveal to an attacker?

A

Information about the underlying server technology that an attacker can utilize to launch attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What do vulnerability scanners identify?

A

Vulnerabilities and weaknesses of a system and network in order to determine how a system can be exploited.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What can drawing a target’s network diagram provide?

A

Valuable information about the network and it’s architecture to an attacker.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a proxy?

A

A network computer that can serve as an intermediary for connecting with other computers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are 4 functions of proxy servers?

A
  • To act as a Firewall
  • Filter out unwanted content
  • To anonymize web surfing
  • Allow the connection of a number of computers to the internet while having only 1 IP address
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are 5 reasons attackers use proxy servers?

A
  • To hide the source IP so the attacker can hack without any legal corollary.
  • To mask the actual source of the attack by impersonating a fake source address of the proxy.
  • To remotely access intranets and other website resources that are normally off limits.
  • To interrupt all the requests sent by an attacker and transmit them to a third destination, hence victims will only be able to identify the proxy server address.
  • Attackers chain multiple proxy servers to avoid detection.
17
Q

What are some examples of Proxy Tools?

A
  • Proxy Workbench
  • Proxifier
  • Proxy Switcher
  • SocksChain
18
Q

Where can you find a list of thousands of free proxy servers?

A

Google

19
Q

What is HTTP tunneling?

A

Allows you to perform various internet tasks despite the restrictions imposed by firewalls.

20
Q

Why would an organization want to use HTTP Tunneling?

A

It enables use of FTP via HTTP protocol.

21
Q

What are 2 HTTP Tunneling Tools?

A
  • Super Network Tunnel

* HTTP-Tunnel