
CEH Study Guide Chapter 3

Study online at quizlet.com/_5oide


1. ASP.NET session state uses TCP port:
   42424

2. Banner grabbing and operating system identification can also be defined as?
   fingerprinting the TCP/IP stack

3. DNS uses TCP and UDP port:
   53

4. Define active stack fingerprinting:
   most common form of fingerprinting; involves sending data to a system to see how the system responds - detectable

5. Define banner grabbing?
   Process of opening a connection and reading the banner or response sent by the application

6. Define enumeration?
   Occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, services. Objective is to identify user accounts for potential use in hacking the target system.

7. Define network scanning?
   Procedure for identifying active hosts on a network.

8. Define passive stack fingerprinting:
   stealthier and involves examining traffic on the network to determine the OS. It uses sniffing techniques rather than scanning.

9. Define scanning?
   Process of locating systems that are alive and responding on the network. First phase of active hacking.

10. Define vulnerability scanning?
    process of proactively identifying the vulnerabilities of computer systems on a network.

11. Define war dialing?
    process of dialing modem numbers to find an open modem connection that provides remote access to a network.

12. Describe NMAP scan type: ACK scan
    Used to map out firewall rules. Only works on UNIX; port is considered filtered if ICMP destination unreachable is received as a result.

13. Describe NMAP scan type: FIN scan
    similar to XMAS tree scan but sends packets with just the FIN flag set.

14. Describe NMAP scan type: IDLE scan
    uses a spoofed IP address to send a SYN packet to a target. IDLE scans determine port scan response by monitoring IP header sequence numbers.

15. Describe NMAP scan type: Null scan
    Advanced scan that may be able to pass through firewalls undetected - all flags are off or not set. Only works on UNIX systems - closed ports reply with RST.

16. Describe NMAP scan type: SYN stealth scan
    half-open scanning - attacker sends a SYN packet and receives a SYN-ACK back from the system. Stealthy because a full TCP connection isn't opened. Open ports reply with SYN/ACK and closed ports reply with RST/ACK

17. Describe NMAP scan type: TCP connect
    full TCP connection to target. Most reliable scan type but also most detectable. Open ports reply with SYN/ACK while closed ports respond with RST/ACK

18. Describe NMAP scan type: Windows scan
    Similar to ACK scan and can detect open ports

19. Describe NMAP scan type: XMAS tree scan
    attacker checks for TCP services by sending XMAS tree packets; all "lights" are on, meaning FIN, URG, PSH flags are set. Closed ports reply with RST.

20. DHCP server uses UDP port:
    67

21. Explain the TCP three-way handshake
    Sender sends a TCP packet with the synchronize (SYN) bit set. Receiver responds with a TCP packet with the synchronize (SYN) and acknowledge (ACK) bits set, indicating that it's ready to receive data. Sender sends a final packet with the ACK bit set to indicate the connection is complete and data is ready to be sent.

22. Explain what a proxy server is:
    a computer that acts as an intermediary between the hacker and the target computer; allows the hacker to become anonymous on the network.

23. FTP uses what port number?
    21

24. HTTPS uses what port number?
    443

25. HTTP uses what port number?
    80

26. IPSec ISAKMP uses UDP port?
    500

27. IMAP over SSL uses TCP port:
    993

28. IMAP uses TCP port:
    143

29. LDAP SSL uses TCP and UDP ports?
    636

30. LDAP Server uses TCP and UDP ports:
    389

31. LDAP server uses TCP and UDP ports?
    389

32. NAT-T uses UDP port?
    4500

33. NetBIOS datagram service uses UDP port:
    137 and 138

34. NetBIOS null sessions use what ports?
    135, 137, 139, 445

35. NetBIOS session service uses TCP port:
    139

36. POP3 over SSL uses TCP port:
    995

37. POP3 uses what port number?
    110

38. Port numbers are divided into what three ranges?
    Well-known ports: 0-1023
    Registered ports: 1024-49151
    Dynamic ports: 49152-65535

39. RPC over HTTPS uses TCP ports:
    80 and 443

40. RPC uses TCP port?
    135

41. SMB uses TCP port:
    445

42. SMTP uses what port number?
    25

43. Telnet uses what port number?
    23

44. The global catalog server uses what TCP ports?
    3269 and 3268

45. What are the stages of the CEH scanning methodology:
    1. Check for live systems
    2. Check for open ports
    3. Service identification
    4. Banner grabbing/OS fingerprinting
    5. Vulnerability scanning
    6. Draw network diagrams of vulnerable hosts
    7. Prepare proxies
    8. Attack

46. What are the TCP protocol notification flags?
    SYN: synchronize - initiates a connection between hosts
    ACK: acknowledge - established connection between hosts
    PSH: push - system is forwarding buffered data
    URG: urgent - data in packets must be processed quickly
    FIN: finish - no more transmissions
    RST: reset - resets the connection

47. What are three types of scanning?
    Port scanning: determines open ports and services
    Network scanning: identifies IP addresses on a given network or subnet.
    Vulnerability scanning: discovers presence of known weaknesses on target systems.

48. What can be used to perform a simple DNS zone transfer?
    nslookup ls -d domainname

49. What is a null session?
    occurs when you log into a system with no username or password. NetBIOS null sessions are a vulnerability found in the Common Internet File System (CIFS) or SMB depending on OS - Microsoft uses SMB and UNIX uses CIFS.

50. What is a ping sweep?
    ICMP scanning by pinging the network range to see what systems respond - runs quickly but not accurate; firewalls can block and the system has to be turned on to respond.

51. What is an anonymizer:
    service to make web surfing anonymous by utilizing a website that acts as a proxy server.

52. What is nmap?
    Free tool that performs ping sweeps, port scanning, service identification, IP address detection, and OS detection.

53. What is one countermeasure to prevent NetBIOS null sessions?
    Close ports 135, 137, 139, 445 on the target systems - accomplished by disabling SMB services on individual hosts by unbinding the TCP/IP WINS client from the interface in the network connection properties.

54. What is SNMP enumeration?
    process of using SNMP to enumerate user accounts on a target system.

55. What three states of a port can nmap determine?
    1. Open: target accepts incoming requests
    2. Filtered: firewall or network filter is screening the port and preventing nmap from discovering whether it's open
    3. Unfiltered: port is determined to be closed and no firewall or filter is interfering with the nmap request.
