Exam 312-50v12 topic 1 question 114 discussion

CEH V12 BOOK; Page 310

CEH V12 BOOK; Page 302

C. TCP Maimon scan This scan sends FIN/ACK probes to the target ports and determines their status based on the response. If the port is open, no response is sent back. If the port is closed, an RST packet is sent back

IPconfig 2 weeks, 3 days ago C TCP Maimon scan This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request. However, in many BSD systems, the port is open if the packet gets dropped in response to a probe. ACK Flag Probe Scan Attackers send TCP probe packets with the ACK flag set to a remote device and then analyze the header information (TTL and WINDOW field) of the received RST packets to find out if the port is open or closed. Since the question says FIN/ACK probes not just ACK Flag probes the answer should be TCP Maimon scan

C TCP Maimon scan This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request. However, in many BSD systems, the port is open if the packet gets dropped in response to a probe. ACK Flag Probe Scan Attackers send TCP probe packets with the ACK flag set to a remote device and then analyze the header information (TTL and WINDOW field) of the received RST packets to find out if the port is open or closed. Since the question says FIN/ACK probes not just ACK Flag probes the answer should be TCP Maimon scan

Answer is definitely C. It is clearly in the CEH book. TCP Maimon scans use a FIN/ACK probe. The people who chose D were using chatbots like ChatGPT to verify the answer. Unfortunately ChatGPT does not know what a TCP Maimon scan is at the moment so it hallucinates the answer as D.

C. TCP Maimon scan

I choose D. ACK flag probe scan but anyone truely knows the correct answer?

D. ACK flag probe scan In an ACK flag probe scan, the scanner sends TCP ACK packets to various ports on the target host. If the target host responds with an RST packet, it indicates that the port is closed. However, if there is no response or a different response is received, it suggests that the port is open or filtered. The other scanning techniques mentioned are as follows: A. Xmas scan: This scan involves sending packets with the FIN, URG, and PUSH flags set, probing the target host for open ports. B. IDLE/IPID header scan: This scan examines the IP ID field in the packet header to determine if it increments predictably, indicating the presence of an open port. C. TCP Maimon scan: This scan uses the TCP Maimon technique to send packets with different flag combinations to determine the state of the port. Therefore, based on the given information, the correct answer is D. ACK flag probe scan.

C. TCP Maimon scan

C. TCP Maimon scan

C. TCP Maimon scan

D. ACK flag probe scan.

C. TCP Maimon scan Like V11 Q170 CEH Book V12 Module 03 P302 from book : *Probe packet (FIN/ACK) ==> No response - Port is open ==> ICMP unreachable error response - Port is filtered ==> RST packet response - Port is closed

In an ACK flag probe scan, the scanner sends an ACK packet to a port on the target host. If the port is open, the target host will respond with an RST packet, indicating that it received the ACK packet but did not know how to handle it. If the port is closed, the target host will respond with an RST packet, indicating that it received the ACK packet but could not complete the connection. Xmas scan is a type of port scan that sends packets with the FIN, PSH, and URG flags set, while IDLE/IPID header scan and TCP Maimon scan are not commonly used port scanning techniques.