EC-Council
312-50V11 · Question #39
312-50V11 Question #39: Real Exam Question with Answer & Explanation
The correct answer is C: IP Fragment Scanning.
Scanning Networks
Question
You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the scanning techniques below will you use?
Options
- A. ACK flag scanning
- B. TCP Scanning
- C. IP Fragment Scanning
- D. Inverse TCP flag scanning
Explanation
IP Fragment Scanning splits the TCP header across multiple small IP fragments, making it difficult for packet filters and intrusion detection systems to determine the purpose of the scan.
Common mistakes.
- A. ACK flag scanning sends packets with only the ACK flag set to probe firewall rule sets and distinguish stateful from stateless filters, not to fragment packets for evasion.
- B. TCP Scanning is a broad category covering many connection-based scan types and does not describe a specific packet-fragmentation evasion technique.
- D. Inverse TCP flag scanning uses abnormal flag combinations such as FIN, URG, or PSH to elicit RST responses from closed ports on some operating systems, which is unrelated to IP fragmentation.
Concept tested. IP packet fragmentation for IDS and firewall evasion
Reference. https://nmap.org/book/man-bypass-firewalls-ids.html
Topics
#IP fragment scanning, #packet fragmentation, #firewall evasion, #stealth scanning