Quiz 5 Flashcards Preview

Flashcards in Quiz 5 Deck (34)
1
Q

A disadvantage of Nmap is that it is very slow because it scans all the 65,000 ports of each computer in the IP address range

A

False

2
Q

A ____ or batch file is a text file containing multiple commands that are normally entered manually at the command prompt.

A

script

3
Q

A computer that receives a SYN packet from a remote computer responds to the packet with a(n) ____ packet if its port is open.

A

SYN/ACK

4
Q

A common Linux rootkit is ____.

A

Linux Rootkit 5

5
Q

A closed port responds to a SYN scan with an RST packet, so if no packet is received, the best guess is that the port is open.

A

False

6
Q

A closed port can be vulnerable to an attack.

A

False

7
Q

A ____ or batch file is a text file containing multiple commands that are normally entered manually at the command prompt.

A

script

8
Q

An OpenVAS ____________________ is a security test program (script) that can be selected from the client interface.

A

plug-in

9
Q

Closed ports respond to a(n) ____ with an RST packet.

A

XMAS scan

10
Q

HTTP uses port ____ to connect to a Web service.

A

80

11
Q

How does a SYN scan work?

A

In a normal TCP session, a packet is sent to another computer with the SYN flag set. The receiving computer sends back a packet with the SYN/ACK flag set, indicating an acknowledgment. The sending computer then sends a packet with the ACK flag set. If the port to which the SYN packet is sent is closed, the computer responds to the SYN packet with an RST/ACK packet. If a SYN/ACK packet is received by an attacker’s computer, it quickly responds with an RST/ACK packet, closing the session. This is done so that a full TCP connection is never made and logged as a transaction. In this sense, it is “stealthy.” After all, you don’t want a transaction to be logged showing the IP address that connected to the attacked computer.

12
Q

If subnetting is used in an organization, you can include the broadcast address by mistake when performing ping sweeps. How might this happen?

A

If you decide to use ping sweeps, be careful not to include the broadcast address in your range of addresses. You can do this by mistake if subnetting is used in an organization. For example, if the IP address 193.145.85.0 is subnetted with a 255.255.255.192 subnet mask, four subnets are created: 193.145.85.0, 193.145.85.64, 193.145.85.128, and 193.145.85.192. The broadcast addresses for each subnet are 193.145.85.63, 193.145.85.127, 193.145.85.191, and 193.145.85.255, respectively. If a ping sweep was inadvertently activated on the range of hosts 193.145.85.65 to 193.145.85.127, an inordinate amount of traffic could flood through the network because the broadcast address of 193.145.85.127 was included. This would be more of a problem on a Class B address, but if you perform ping sweeps, make sure your client signs a written agreement authorizing the testing.

13
Q

In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be “____”.

A

unfiltered

14
Q

Nmap has a GUI version called ____________________ that makes it easier to work with some of the more complex options.

A

Zenmap

15
Q

Port scanning is a method of finding out which services a host computer offers.

A

True

16
Q

Port scanners can also be used to conduct a(n) ____________________ of a large network to identify which IP addresses belong to active hosts.

A

ping sweep

17
Q

Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks, so they use ____________________ attacks that are more difficult to detect.

A

stealth

18
Q

The ____ option of Nmap is used to perform a TCP SYN stealth port scan.

A

sS

19
Q

The ____ relies on the OS of the attacked computer, so it’s a little more risky to use than the SYN scan.

A

connect scan

20
Q

The ____ vi command deletes the current line.

A

dd

21
Q

The ____ tool was originally written for Phrack magazine in 1997 by Fyodor.

A

Nmap

22
Q

What makes the ____________________ tool unique is the ability to update security check plug-ins when they become available.

A

OpenVAS

23
Q

What makes the OpenVAS tool unique?

A

What makes this tool unique is the capability to update security check plug-ins when they become available. An OpenVAS plug-in is a security test program (script) that can be selected from the client interface. The person who writes the plug-in decides whether to designate it as dangerous, and the author’s judgment on what’s considered dangerous might differ from yours.

24
Q

Which ports should security professionals scan when doing a test? Why?

A

As a security tester, you need to know which ports attackers are going after so those ports can be closed or protected. Security professionals must scan all ports when doing a test, not just the well-known ports (Ports 1 to 1023, the most common, are covered in Chapter 2). Many computer programs use port numbers outside the range of well-known ports. For example, pcAnywhere operates on ports 65301, 22, 5631, and 5632. A hacker who discovers that port 65301 is open might want to check the information at the Common Vulnerabilities and Exposures Web site for a possible vulnerability in pcAnywhere. After a hacker discovers an open service, finding a vulnerability or exploit isn’t difficult.

25
Q

Why is port scanning considered legal by most security testers and hackers?

A

Most security testers and hackers argue that port scanning is legal simply because it doesn’t invade others’ privacy; it merely discovers whether the party being scanned is available. The typical analogy is a person walking down the street and turning the doorknob of every house along the way. If the door opens, the person notes that the door is open and proceeds to the next house. Of course, entering the house would be a crime in most parts of the world, just as entering a computer system or network without the owner’s permission is a crime.

26
Q

Why is port scanning useful for hackers?

A

Port scanning helps you answer questions about open ports and services by enabling you to quickly scan thousands or even tens of thousands of IP addresses. Many port-scanning tools produce reports of their findings, and some give you best-guess assessments of which OS is running on a system. Most, if not all, scanning programs report open ports, closed ports, and filtered ports in a matter of seconds. When a Web server needs to communicate with applications or other computers, for example, port 80 is opened. An open port allows access to applications and can be vulnerable to an attack. A closed port does not allow entry or access to a service. For instance, if port 80 is closed on a Web server, users wouldn’t be able to access Web sites. A port reported as filtered might indicate that a firewall is being used to allow specified traffic in or out of the network.

27
Q

When a TCP three-way handshake ends, both parties send a(n) ____ packet to end the connection.

A

FIN

28
Q

You can search for known vulnerabilities in a host computer by using the Common Vulnerabilities and Exposures Web site.

A

True

29
Q

____ is a reasonably priced commercial port scanner with a GUI interface.

A

AW Security Port Scanner

30
Q

____ is a protocol packet analyzer.

A

Tcpdump

31
Q

____ was developed to assist security testers in conducting tests on large networks and to consolidate many of the tools needed for large-scale endeavors.

A

Unicornscan

32
Q

____ is currently the standard port-scanning tool for security professionals.

A

Nmap

33
Q

____, an open-source fork of Nessus, functions much like a database server, performing complex queries while the client interfaces with the server to simplify reporting and configuration.

A

OpenVAS

34
Q

Name a port scanning tool

A

Nmap