lesson 2

Question 1

nist special publication 800-41

Answer 1

-security guideline recommending that you block incoming ping traffic

Question 2

malicious ping

Answer 2

-attackers can observe the ttl values in ping replies to identify operating systems

Question 3

juniper ttl value

Answer 3

64

Question 4

linux 2.4 ttl value

Answer 4

255

Question 5

red hat ttl value

Answer 5

64

Question 6

mac ttl value

Answer 6

64

Question 7

windows ttl value

Answer 7

128

Question 8

netstat

Answer 8

-used to determine if a particular service is listening on a network interface

Question 9

nslookup

Answer 9

-resolves hostnames to test dns

Question 10

nmap

Answer 10

• network mapper

- used to fingerprint services on open ports

Question 11

nmap scan types

Answer 11

• sS, tcp syn
• sT, tcp connect
• sU, udp

Question 12

nmap -sS

Answer 12

• tcp syn
• default option
• doesnt complete tcp connections
• stealthy
• can identify open, closed, and filtered ports
• requires root privileges

Question 13

nmap -sT

Answer 13

• tcp connect
• default without root privileges
• connections are completed
• connections are logged by the target

Question 14

nmap -sU

Answer 14

• udp scan
• used to scan for udp services
• slower and more difficult to scan

Question 15

nmap options

Answer 15

• port specification (p )
• ping scan, disable port scan (-sn)
• treat all hosts as online, skip host discovery (-Pn)
• never do dns resolution (-n)
• service fingerprinting (-sV)
• increase verbosity (-v, -vv)
• display the reasoning for nmaps’ findings (–reason)

Question 16

network traffic traveling through a windows firewall can be allowed or blocked based on

Answer 16

• programs
• services
• protocols
• ports
• local ip
• remote ip

Question 17

windows firewall profiles

Answer 17

• domain
• private
• public

Question 18

domain windows firewall profile

Answer 18

• networks on which a dc could be used for authentication

- used for corporate networks

Question 19

private windows firewall profile

Answer 19

• can be selected by the end user

- used for home networks

Question 20

public windows firewall profile

Answer 20

• default profile

- used for public networks

Question 21

netfilter

Answer 21

• packet filtering framework built into the linux kernel
• stateless packet filtering
• stateful packet filtering
• network address translation
• port address translation
• uses kernel hooks at which packets can be interacted with ex. ip tables

Question 22

iptables

Answer 22

• standard firewall in many linux distributions

- used to configure and view tables of packet filter rules

Question 23

iptables parts

Answer 23

• rules
• targets
• chains

Question 24

iptables rule match characteristics

Answer 24

• packet protocol type
• source address
• destination address
• source port
• destination port
• network interface being used
• relation to previous packets

Question 25

iptables targets

Answer 25

• what to do with packets that match a rule
• accept
• drop
• return

Question 26

iptables chains

Answer 26

• collections of rules checked sequentially
• stops at first match
• input
• output
• forward

Question 27

iptables default policy

Answer 27

• applied if a packet matches no other rules in a chain

- often set to drop to block all traffic that is not explicitly allowed by a rule