Check all of the following that could be a likely cause of the lack of response?
Jack is conducting a port scan of a target network. He knows that his target network has a web server and that a mail server is up and running. Jack has been sweeping the network but has not been able to get any responses from the remote target. Check all of the following that could be a likely cause of the lack of response?
?What would be considered passive scanning?
You have been charged with performing a number of security tests against a partner organization in Australia. Your boss, who is in charge of your company and the partner company’s IT departments, wants you to run tests just like an outside hacker would against their network. He also wants you to perform all of your tests without tipping off the IT department at the partner company. You have no knowledge of the partner company’s systems other than their name and their external website. You decide to perform some passive scanning so as not to tip off anyone at the partner company.?
What would be considered passive scanning?
A file integrity program such as Tripwire protects against Trojan horse attacks by:
A file integrity program such as Tripwire protects against Trojan horse attacks by:
What attacks can you successfully launch against a server using the above technique?
After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn’t see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server.
What attacks can you successfully launch against a server using the above technique?
How could you use a web server to help in identifying the OS that is being used?
John has performed a scan of the web server with NMAP but did not gather enough information to accurately identify which operating system is running on the remote host. How could you use a web server to help in identifying the OS that is being used?
What is the hacker trying to accomplish here?
John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack.
Take a look at the following Linux logfile snippet. The hacker compromised and “owned” a Linux machine. What is the hacker trying to accomplish here?
[root@apollo /]# rm rootkit.c
root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm – rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd 59 ? 00:00:00 inetd
m: cannot remove `/tmp/h’: No such file or directory
m: cannot remove `/usr/sbin/rpc.portmap’: No such file or directory [root@apollo /]# ps -aux | grep portmap
root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm – rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd
m: cannot remove `/sbin/portmap’: No such file or directory
m: cannot remove `/tmp/h’: No such file or directory
>rm: cannot remove `/usr/sbin/rpc.portmap’: No such file or directory root@apollo /]# rm: cannot remove `/sbin/portmap’: No such file or directory
What do you think is the most likely reason behind this?
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchange which carries user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging on. What do you think is the most likely reason behind this?
Which of the following LM hashes represents a password of less than 8 characters?
Which of the following LM hashes represents a password of less than 8 characters?
What attack is depicted in the e-mail?
Study the following e-mail message.
Dear SuperShopper valued member,
Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This notification expires within 24 hours.
Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal.
Please follow the link below and renew your account information.
https://www.supershopper.com/cgi-bin/webscr?cmd=update-run
SuperShopper Technical Support
http://www.supershopper.com
The link takes you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site!
What attack is depicted in the e-mail?