The attacker performs this scan by impersonating another computer via spoofing. The attacker does not send a packet from their IP address; instead, they use another host, often called a “zombie,” to scan the remote host and identify open ports. In this attack, the attacker expects the sequence numbers of the zombie host, and if the remote host checks the IP of the scanning party, the IP of the zombie machine is displayed.
CEH V12 pg 315-316
D. Idle scanning
https://en.wikipedia.org/wiki/Idle_scan#Finding_a_zombie_host
The first step in executing an idle scan is to find an appropriate zombie. It needs to assign IP ID packets incrementally...
The correct option is D.
Idle scanning (also known as zombie scanning) is a firewall evasion technique that uses a zombie system with low network activity to scan a target system
The correct answer is A. Packet fragmentation scanning is a technique used to evade firewalls by fragmenting packets to bypass firewall rules. In this technique, the attacker sends a large packet that is broken down into smaller fragments. The fragments are sent to the target system and are reassembled by the system's TCP/IP stack. The firewall may only inspect the first fragment, allowing the subsequent fragments to bypass the firewall rules. The attacker may use a zombie system with low network activity to generate fragmented packets with random fragment identification numbers to evade detection.
In contrast, the technique mentioned in the question uses the fragmentation identification numbers of a zombie system to evade firewall scanning. Therefore, the correct answer is A, packet fragmentation scanning.
A. Packet fragmentation scanning
Packet fragmentation scanning involves breaking up packets into smaller fragments to evade firewall or intrusion detection system (IDS) rules that are configured to block or detect packets of a certain size or pattern. By using a zombie system with low network activity, the attacker can minimize the chances of detection and increase the chances of successful evasion. The attacker can also manipulate the fragment identification numbers to avoid detection.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jeremy13
Highly Voted 1 year, 7 months agoinsaniunt
Most Recent 11 months, 1 week agoIPconfig
1 year ago581777a
1 year, 3 months agoVincent_Lu
1 year, 5 months agovictorfs
1 year, 6 months agoMuli_70
1 year, 6 months agosausageman
1 year, 7 months agoeli117
1 year, 7 months ago