If an attacker's IPID of 31400 is sent to a zombie on an open port in IDLE scanning, what will be the response?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

If an attacker's IPID of 31400 is sent to a zombie on an open port in IDLE scanning, what will be the response?

Explanation:
In IDLE scanning, the IP Identification (IPID) field is used as a side channel. The attacker uses a zombie host with a predictable IPID sequence and sends spoofed probes that appear to come from that zombie to the target. If the target port is open, the target will respond to the zombie, causing the zombie to generate or relay one more IP packet. This increases the zombie’s IPID by one. Therefore, starting from an observed IPID of 31400, the next value the zombie will emit after the probe is 31401. If the port were closed or filtered, the IPID behavior would differ (often not the same incremental response), so the open-port case specifically leads to a single increment.

