Which scan describes a method that can send a spoofed source address to identify available services?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which scan describes a method that can send a spoofed source address to identify available services?

Explanation:
Spoofed-source identification of open services is best explained by the Idle Scan (IPID-based) technique. It relies on a zombie host—a device you don’t directly contact but whose IPID sequence you can predict. The attacker sends crafted packets toward the target with the source address forged to be that zombie’s IP. The target’s responses, if any, are directed to the zombie, not to the attacker. By watching how the zombie’s IPID value changes before and after these spoofed probes, the attacker can infer whether the target port is open, closed, or filtered, and thus map which services are available on the target without directly connecting from the attacker’s IP. This approach hinges on spoofing and on a side channel (the zombie’s IPID field) to reveal state of ports, making it possible to fingerprint services even when direct probes aren’t observed by the attacker. Other scan methods don’t rely on this IPID-based indirect observation to determine port state, which is why idle/IPID-based spoofed scans are the technique that fits the description.

Spoofed-source identification of open services is best explained by the Idle Scan (IPID-based) technique. It relies on a zombie host—a device you don’t directly contact but whose IPID sequence you can predict. The attacker sends crafted packets toward the target with the source address forged to be that zombie’s IP. The target’s responses, if any, are directed to the zombie, not to the attacker. By watching how the zombie’s IPID value changes before and after these spoofed probes, the attacker can infer whether the target port is open, closed, or filtered, and thus map which services are available on the target without directly connecting from the attacker’s IP.

This approach hinges on spoofing and on a side channel (the zombie’s IPID field) to reveal state of ports, making it possible to fingerprint services even when direct probes aren’t observed by the attacker. Other scan methods don’t rely on this IPID-based indirect observation to determine port state, which is why idle/IPID-based spoofed scans are the technique that fits the description.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy