ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 195 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 195
Topic #: 1
[All 312-50v13 Questions]

A Certified Ethical Hacker (CEH) is analyzing a target network. To do this, he decides to utilize an IDLE/IPID header scan using Nmap. The network analysis reveals that the IPID number increases by 2 after following the steps of an IDLE scan. Based on this information, what can the CEH conclude about the target network?

  • A. The ports on the target network are open
  • B. The target network has no firewall present
  • C. The ports on the target network are closed
  • D. The target network has a stateful firewall present
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by nicejob at Feb. 5, 2025, 7 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
killwitch
3 months, 4 weeks ago
Selected Answer: A
An IDLE/IPID header scan is a stealthy port scanning technique that exploits predictable IP identification (IPID) values from a zombie host to infer open ports on a target system without directly interacting with the target. How an IDLE Scan Works: The attacker finds a zombie host (a machine with predictable IPID values). The attacker sends a SYN packet to the target spoofed as coming from the zombie. The target responds: If the port is open, the target replies to the zombie with a SYN/ACK. Since the zombie was unaware of the connection, it sends an RST response, increasing its IPID value by 2. If the port is closed, the target replies with an RST, which does not cause the zombie's IPID value to increment by 2. Since the IPID increased by 2, this means the target responded with a SYN/ACK, causing the zombie to send an RST—indicating that the port is open.
upvoted 1 times
...
ehsarx
3 months, 4 weeks ago
Selected Answer: A
an IPID increase of two indicates that a zombie host sent a packet between two probes. This usually means that the port is open.
upvoted 1 times
...
Dogeo
4 months, 3 weeks ago
Selected Answer: D
The IDLE scan in Nmap reveals that the IPID number increases by 2, which indicates that the target network is likely protected by a stateful firewall. This type of firewall tracks connection states and influences how the IPID field is modified, providing clues about the network's configuration.
upvoted 1 times
...
nicejob
5 months ago
Selected Answer: A
IPID+2 mean target port is opened
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel