A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
A.
sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.
B.
*range(1, 1025) on line 1 populated the portList list in numerical order.
C.
Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM
D.
The remoteSvr variable has neither been type-hinted nor initialized.
B. \*range(1, 1025) on line 1 populated the portList list in numerical order.
Populating the `portList` with a range of ports from 1 to 1024 in numerical order and then sequentially attempting connections to these ports is characteristic of a port scan. Intrusion Detection Systems (IDS) often detect port scans based on such sequential or numerous connection attempts within a short timeframe. This behavior is a common signature of port scanning activities, which is likely why the script triggered the alert.
The snippet of code is most likely to have triggered a "probable port scan" alert in the organization's IDS due to:
B. *range(1, 1025) on line 1 populated the portList list in numerical order.
The script is scanning a range of ports from 1 to 1024, which is the well-known range of ports. Scanning such a broad range of ports in numerical order is likely to be detected by an IDS as a probable port scan.
A - no, 20 seconds is fine
socket.settimeout(value)
Set a timeout on blocking socket operations. The value argument can be a nonnegative floating point number expressing seconds, or None.
https://docs.python.org/3/library/socket.html#socket.socket.settimeout
B - Port randomization is widely used in port scanners. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons)
https://nmap.org/book/man-port-specification.html
C - question is about triggering alert, not why it does not work
D - same as C
upvoted 5 times
...
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 2 years, 5 months agoManzer
Highly Voted 2 years, 8 months agoEtc_Shadow28000
Most Recent 11 months, 2 weeks agoTiredOfTests
1 year, 7 months agosom3onenooned1
2 years, 7 months ago