If an attacker's IPID of 31400 to a zombie on an open port in IDLE scanning, what will be the response?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Explanation:
In IDLE scanning, the IP Identification (IPID) field is used as a side channel. The attacker uses a zombie host with a predictable IPID sequence and sends spoofed probes that appear to come from that zombie to the target. If the target port is open, the target will respond to the zombie, causing the zombie to generate or relay one more IP packet. This increases the zombie’s IPID by one. Therefore, starting from an observed IPID of 31400, the next value the zombie will emit after the probe is 31401. If the port were closed or filtered, the IPID behavior would differ (often not the same incremental response), so the open-port case specifically leads to a single increment.
