Which of the following options would be a possible reason?
You are conducting an IdleScan manually using Hping2. During the scanning process, you notice that almost every query increments the IPID – regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of the following options would be a possible reason?
How can you modify your scan to prevent triggering this event in the IDS?
While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitors. How can you modify your scan to prevent triggering this event in the IDS?
During what phase of the penetration test would you normally discover this?
While doing a penetration test, you discover that the organization is using one domain for web publishing and another domain for administration and business operations. During what phase of the penetration test would you normally discover this?
What technique could Harold use to sniff his agency's switched network?
Harold is the senior security analyst for a small state agency in New York.He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency.Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position.
Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around, but the program he is using does not seem to be capturing anything.He pours through the Sniffer’s manual, but cannot find anything that directly relates to his problem.Harold decides to ask the network administrator if he has any thoughts on the problem.Harold is told that the Sniffer was not working because the agency’s network is a switched network, which cannot be sniffed by some programs without some tweaking.
What technique could Harold use to sniff his agency’s switched network?
What is this masking technique called?
The terrorist organizations are increasingly blocking all traffic from North America or from Internet Protocol addresses that point back to users who rely on the English language.
Hackers sometimes set a number of criteria for accessing their website. This information is shared among the co-hackers. For example if you are using a machine with the Linux operating system and the Netscape browser then you will have access to their website in a covert way. When federal investigators using PCs running Windows and using Internet Explorer visited the hackers’ shared site, the hackers’ system immediately mounted a distributed denial-of-service attack against the federal system.
Companies today are engaging in tracking competitors’ through reverse IP address lookup sites like whois.com, which provide an IP address’s domain. When the competitor visits the companies website they are directed to a products page without discount and prices are marked higher for their product. When normal users visit the website they are directed to a page with full-blown product details along with attractive discounts. This is based on IP-based blocking, where certain addresses are barred from accessing a site.
What is this masking technique called?
With your given knowledge of users, likely user account names and the possibility that they will choose the ea
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.
With your given knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values to get results?
Why did the 14 character passwords not take much longer to crack than the 8 character passwords?
Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold’s boss this new password policy should not apply to them. To comply with the management’s wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.
Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DC’s on the original domain and the new domain using Pwdump6.
Harold uses the password cracking software John the Ripper to crack users’ passwords to make sure they are strong enough.?Harold expects that the users’ passwords in the original domain will take much longer to crack than the management’s passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.
Why did the 14 character passwords not take much longer to crack than the 8 character passwords?
Hping2 is a powerful packet crafter tool that can be used to penetrate firewalls by creating custom TCPWhat do
Hping2 is a powerful packet crafter tool that can be used to penetrate firewalls by creating custom TCP
What does the following command do?
CEH# hping2 -I eth0 -a 10.0.0.6 -s 1037 -p 22 –syn -c 1 -d 0xF00 –setseq 0x0000000f 192.168.0.9
What is this process known as?
You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as?
What is the best way to undermine the social engineering activity of tailgating?
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?