TestOut Ethical Hacker Pro Q&A Chapter 5 Scanning


Question
Answer
What is scanning?   show
Which types of scanning are used to gather information about a target?   show
How can organizations protect themselves against scanning attempts?   show
Scanning   show
Port scan   show
show Network scans are used to find live computers on a network.  
Vulnerability scan   show
show Using a modem, the scan dials a large block of phone numbers and attempts to locate other systems connected to a modem. If the modem gets a response, it can establish a connection. Modems are still often used for fax machines and multi-purpose copiers and as a backup for high-speed internet.  
show ping works by sending an ICMP message from one system to another. Based on the ICMP reply, you know whether the system is live and how quickly the packets travel from one host to another.  
show A ping sweep scans a range of IPs to look for live systems. ping sweeps help to build a network inventory. However, they can also alert the security system, potentially resulting in an alarm being triggered or the attempt being blocked.  
show you’re trying to use TCP to connect to a port. As indicated by the name, the handshake has three steps: Computer 1 sends a SYN packet to Computer 2. Computer 2 receives the packet and sends a SYN/ACK packet to Computer 1. Computer 1 receives the SYN/ACK packet and replies with an ACK packet, and the connection is complete.  
show Starts a connection between hosts.  
show Acknowledges the receipt of a packet.  
TCP Flag FIN   show
show Resets a connection.  
TCP Flag URG   show
TCP Flag PSH   show
nmap -sT IP address   show
nmap -sS IP address   show
show Xmas tree scan An Xmas tree scan gets its name because all of the flags are turned on, and the packet is lit up like a Christmas tree. The recipient has no idea what to do with this packet, so either the packet is ignored or dropped. If you get an RST packet, you know the port is closed. If you don’t get a response, the port may be open.  
nmap -sF IP address   show
nmap -sN IP address   show
Idle Scan   show
Full open scan   show
show A half-open scan, also known as a stealth scan, sends a SYN packet to a port. The three-way handshake does not occur because the originating system does not reply with the final ACK. At this point, you have discovered an open port. Because an ACK packet was not sent, a connection was not made, and there is no security log. nmap -sS IP address  
Xmas tree scan   show
FIN scan   show
NULL scan   show
Scanning Tools CurrPorts   show
show ping uses Internet Control Message Protocol (ICMP) messaging to determine whether a remote system is live.  
Scanning Tools hping3   show
show Colasoft is packet-crafting software that can modify flags and adjust other packet content.  
show Angry IP Scanner is a network scanner. It scans local and remote networks and returns an IP range via a command-line interface.  
Scanning Tools SolarWinds Port Scanner   show
Scanning Tools IP-Tools   show
Network Mapping Tools NetAuditor   show
Network Mapping Tools SolarWinds Network Topology Manager   show
show Scany is a scanner application for iOS devices. It scans networks, websites, and ports to find open network devices. It can obtain domain and network names and includes basic networking utilities such as ping, traceroute, and whois.  
show is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with ...  
Scanning Considerations   show
show A few options include scanning with ACK, fragmenting packets, spoofing IP addresses, and using a proxy.  
show This scan will help you determine whether the firewall is stateful or stateless and whether or not the ports are open. In an ACK scan, only the ACK flag is set. If a port is unfiltered, both open and closed ports return an RST packet. If a port is filtered, it either returns an error message or no response at all.  
show Fragmenting is probably one of the most commonly used methods to avoid detection. You're still sending packets, you're just breaking them apart so intrusion detection systems don't know what they are. As long as you're not bombarding the system, the packet segments float by without concern.  
show Many scanning tools have the functionality to recraft the packet so that the source address reflects a different IP address. The scan is sent to the recipient, the feedback is returned to the fake IP address, and there is no record of your IP address sending the requests.  
show A proxy serves as a less vulnerable access point to a network. Typically, proxies are placed in networks to keep external users from accessing the internal network. Hackers like proxies because they filter incoming and outgoing traffic, provide you with anonymity, and shield you from possible detection.  
Vulnerability Scan tool Nessus   show
Vulnerability Scan tool OpenVAS   show
Vulnerability Scan tool Beyond Trust   show
show Saint provides enterprise-level vulnerability management tools.  
show 1. Disable the banners, or at least portions of the banner. 2. Hide file extensions. 3. Enable custom error pages. This way, you have full control over what scanners can and cannot see when they trigger an error message.  
A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?   show
show Network scan  
show Fingerprinting  
What scan is used to actively engage a target in an attempt to gather information about it?   show
A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?   show
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?   show
show PSH  
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?   show
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?   show
You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?   show
show Colasoft  
You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use?   show
show Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.  
show It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.  
What is banner grabbing?   show
What information is included in a banner?   show
show Banner grabbing is a technique hackers use to obtain information about the services running on a target system.  
Telnet   show
Netcraft   show
show P0f is a Linux tool that analyzes network traffic and returns information on operating systems. Because it is passively viewing traffic, it is a stealthy method for gathering information.  
show nmap is another tool for banner grabbing. nmap connects to an open TCP port and returns anything sent in a five-second period. The command syntax is nmap -sV --script=banner ip_address. The -sV option probes open ports to determine service/version info.  
nmap -sV --script=banner ip_address   show
show Banner grabbing  
show P0f  
show nmap -sV --script=banner ip_address  
nmap -sT   show
nmap -sX   show
nmap -sN   show
What is an online tool that is used to obtain server and web server information?   show
What best describes telnet?   show


   

Created by: jacobth