Exam 312-50v12 topic 1 question 230 discussion

i think its option A: To bypass detection mechanisms on a BSD-derived TCP/IP stack, the Certified Ethical Hacker should use: A. Maimon Scan, because it is very similar to NULL, FIN, and Xmas scans, but the probe used here is FIN/ACK The Maimon Scan is effective because it sends a FIN/ACK probe, which can exploit certain vulnerabilities in the TCP/IP stack of BSD-derived systems. This type of scan is less likely to be detected by network security devices that are configured to detect SYN packets, making it a suitable choice for stealth scanning.

Option D, ACK Flag Probe Scan, is the most appropriate choice. This scan can provide insights into the network’s filtering behavior without the usual risks of detection associated with opening a full connection or sending irregular flag combinations, making it a more discreet option for initial reconnaissance, especially in environments that are sensitive to SYN packets.

The correct is D. Keyword "BSD-derived TCP/IP stack", BSD have a limitation in TCP/IP stack. ACK Flag Probe Scan Attackers send TCP probe packets with the ACK flag set to a remote device and then analyze the header information (TTL and WINDOW field) of the received RST packets to find out if the port is open or closed. The ACK flag probe scan exploits the vulnerabilities within the BSD-derived TCP/IP stack. Thus, such scanning is effective only on those OSs and platforms on which the BSD derives TCP/IP stacks. Module 03 Page 312

Attackers send TCP probe packets with the ACK flag set to a remote device and then analyze the header information (TTL and WINDOW field) of the received RST packets to find out if the port is open or closed. The ACK flag probe scan exploits the vulnerabilities within the BSD-derived TCP/IP stack. Thus, such scanning is effective only on those OSs and platforms on which the BSD derives TCP/IP stacks.

D. via research

B. Xmas Scan, because it can pass through filters undetected, depending on the security mechanisms installed. A Xmas Scan is a type of TCP port scan where the attacker sends TCP packets with the FIN, URG, and PSH flags set to target a specific range of ports. This scan is designed to evade detection mechanisms that may be configured to detect SYN packets or other standard scanning techniques.

I am not very sure, but I think it's D (Module 03 Page 311and 312) ACK Flag Probe Scan Attackers send TCP probe packets with the ACK flag set to a remote device and then analyze the header information (TTL and WINDOW field) of the received RST packets to find out if the port is open or closed. The ACK flag probe scan exploits the vulnerabilities within the BSD-derived TCP/IP stack. Thus, such scanning is effective only on those OSs and platforms on which the BSD derives TCP/IP stacks.