EC0-350 Exam Dumps - Ethical Hacking and Countermeasures V8

Closed ports respond to a NULL scan with a reset.

Think of dDoS (distributed Denial of Service) where you use a large number of computers to create simultaneous traffic against a victim in order to shut them down.

The Ethical hacker is a security professional who applies his hacking skills for defensive purposes.

Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.

A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned.

Example of a three-way handshake followed by a reset:

SourceDestinationSummary

[192.168.0.8][192.168.0.10]TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840

[192.168.0.10] [192.168.0.8] TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535

[192.168.0.8][192.168.0.10]TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840

[192.168.0.8][192.168.0.10]TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840

Destination unreachable administratively prohibited messages are a good way to discover that a router or other low-level packet device is filtering traffic. Analysis of the ICMP message will reveal the IP address of the blocking device and the filtered port. This further adds the to the network map and information being discovered about the network and hosts.

From NMAP:

-sI Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the tar- get from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target.