CEHv8 BOOTCAMP: MODULE 03-SCANNING NETWORKS_SET-3 Flashcards
What is an ICMP Echo Scanning/List Scan?
A type of scan that simply generates and prints a list of IPs/Names without actually pinging or port scanning them.
In a UDP Scan, if a UDP port is open, what is returned?
No response.
In a UDP Scan, if a UDP port is closed, what is returned?
ICMP port unreachable message.
What is ACK Flag Scanning?
A Scan where the attacker sends an ACK probe packet with a random sequence number.
What are some port scanning countermeasures?
- Configure firewall and IDS rules to detect and block probes.
- Use a custom rule set to lock down the network and block unwanted ports at the firewall.
- Hide sensitive information from public view.
- Filter all ICMP messages at the firewalls and routers.
- Ensure that the mechanisms used for routing and filtering at the routers and firewalls, respectively, cannot be bypassed using particular source ports or source-routing methods.
- Perform TCP and UDP scanning along with ICMP probes against your organization’s IP address space to check the network configuration and its available ports.
- Ensure that the router, IDS, and firewall firmware are updated to their latest releases.
- Ensure that the anti-scanning and anti-spoofing rules are configured.
What are some IDS Evasion Techniques?
- Use fragmented IP packets.
- Spoof your IP address when launching attacks and sniff responses from server.
- Use source routing (if possible).
- Connect to proxy servers of compromised trojaned machines to launch attacks.
What is Banner Grabbing?
The method to determine the operating system running on a remote target system.
Why would an attacker use banner grabbing?
To figure out the vulnerabilities the system possesses and the exploits that might work on a system to further carry out additional attacks.
What are 4 banner grabbing tools?
- ID Serve
- Netcraft
- Netcat
- Telnet
What are some banner grabbing countermeasures?
- Display false banners
- Turn off unnecessary services
- Disable or change banner information
- Change the ServerSignature line to ServerSignature Off in httpd.conf
What can file extensions reveal to an attacker?
Information about the underlying server technology that an attacker can utilize to launch attacks.
What do vulnerability scanners identify?
Vulnerabilities and weaknesses of a system and network in order to determine how a system can be exploited.
What can drawing a target’s network diagram provide?
Valuable information about the network and its architecture to an attacker.
What is a proxy?
A network computer that can serve as an intermediary for connecting with other computers.
What are 4 functions of proxy servers?
- To act as a Firewall
- Filter out unwanted content
- To anonymize web surfing
- Allow the connection of a number of computers to the internet while having only 1 IP address