nerdexam
EC-Council

312-50V10 · Question #134

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

The correct answer is B. SYN/FIN scanning using IP fragments. SYN/FIN scanning using IP fragmentation splits the TCP header across multiple IP fragments to evade packet filters that cannot reassemble and inspect fragmented packets.

Scanning Networks

Question

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

Options

  • AICMP Echo scanning
  • BSYN/FIN scanning using IP fragments
  • CACK flag probe scanning
  • DIPID scanning

How the community answered

(29 responses)
  • A
    10% (3)
  • B
    79% (23)
  • C
    7% (2)
  • D
    3% (1)

Why each option

SYN/FIN scanning using IP fragmentation splits the TCP header across multiple IP fragments to evade packet filters that cannot reassemble and inspect fragmented packets.

AICMP Echo scanning

ICMP Echo scanning uses ping requests to discover live hosts and does not involve splitting TCP headers across IP fragments.

BSYN/FIN scanning using IP fragmentsCorrect

IP fragmentation allows an attacker to divide a TCP packet so that the header (including flags like SYN or FIN) is split across two or more IP fragments. Many stateless packet filters and older firewalls inspect individual fragments rather than reassembling them, so they cannot determine the true purpose of the traffic. This technique is specifically designed to bypass filtering devices by exploiting their inability to process fragmented TCP headers.

CACK flag probe scanning

ACK flag probe scanning sends ACK packets to determine firewall rulesets and stateful vs. stateless filtering - it does not use IP fragmentation to obscure headers.

DIPID scanning

IPID scanning (idle/zombie scanning) exploits the IP ID field of a zombie host to infer open ports and does not rely on fragmenting TCP headers.

Concept tested: IP fragmentation evasion scanning technique

Source: https://nmap.org/book/man-bypass-firewalls-ids.html

Topics

#IP fragmentation#SYN/FIN scanning#packet filter evasion#TCP header splitting

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice