
GCIH · Question #281

GCIH Question #281: Real Exam Question with Answer & Explanation

The correct answer is C: The zombie computer is the system interacting with some other system besides yours. In an idle scan, irregular IPID increments indicate the zombie host is actively communicating with other systems, making its IPID sequence unreliable for inferring open ports on the target.

Question

You work as a Penetration Tester for Infosec Inc. Your company takes on security auditing projects. Recently, your company has assigned you a project to test the security of the we-are-secure.com Web site. For this, you want to perform an idle scan so that you can find the open ports on the we-are-secure.com server. You are using the Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that the IPID is being incremented on every query, regardless of whether the ports are open or closed. Sometimes, the IPID is being incremented by more than one. What may be the reason?

Options

  • A. The firewall is blocking the scanning process.
  • B. The zombie computer is not connected to the we-are-secure.com Web server.
  • C. The zombie computer is the system interacting with some other system besides yours.
  • D. Hping does not perform idle scanning.

Explanation

In an idle scan, irregular IPID increments indicate the zombie host is actively communicating with other systems, making its IPID sequence unreliable for inferring open ports on the target.

Common mistakes.

  • A. A firewall blocking the scan would cause ports to appear filtered or closed consistently - it would not cause the zombie's IPID to increment irregularly on every query regardless of port state.
  • B. If the zombie had no connectivity to the target, the IPID would remain static for closed-port probes rather than incrementing unpredictably on every query.
  • D. Hping2 and Hping3 both support idle scanning using spoofed source addresses and IPID analysis, making this statement factually incorrect.

Concept tested. Idle scan zombie IPID reliability requirements

Reference. https://nmap.org/book/idlescan.html
