Which scan uses ACK probe packets and then analyzes the TTL and WINDOW fields of the received RST packets to determine if the port is open or closed?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Explanation:
The technique being tested is the TCP Maimon scan. It uses ACK probe packets to provoke responses from the target, and then it looks at the TTL and TCP window size in the RST packets that come back. The specific values of TTL and window in those RST responses vary depending on the operating system and TCP/IP stack, and this variation lets the scanner infer whether a port is open or closed without needing a full connection. This combination of ACK probes with analysis of RST TTL and window fields is the hallmark of the Maimon approach. Other scan types rely on different elicitation methods or indicators (such as using only window sizes, or using idle/IPID side channels, or different probe flags), so they don’t match the described method as precisely.
