Which scanning technique can be used to probe the existence of a firewall and its rule sets?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which scanning technique can be used to probe the existence of a firewall and its rule sets?

Explanation:

When you want to uncover whether a firewall exists and what its rules look like, you test how the network handles packets that don’t come with an established connection. This is done by sending TCP acknowledgment packets to a range of ports and watching the responses. If a firewall is present and stateful, it will typically treat unsolicited ACKs specially—often dropping them—so many ports appear filtered. If a port responds with a reset, the path is considered unfiltered, and the pattern of responses across many ports can reveal the firewall’s rule behavior. In short, ACK scanning probes how the device handles traffic that should be part of an existing connection, which exposes both the existence of filtering and the rule tendencies that govern what traffic is allowed.

SYN scanning, on the other hand, is about finding open ports by starting a connection handshake and seeing which ports respond with SYN-ACK or RST. It’s great for mapping open services but doesn’t directly reveal firewall presence or the underlying rule sets governing unsolicited traffic. FIN and Xmas scans rely on unusual flag combinations and how targets respond to them; many modern systems ignore these, making them unreliable for accurately diagnosing a firewall’s existence or its rules.
