You are manually conducting Idle Scanning using Hping2. During your scanning you notice that
almost every query increments the IPID regardless of the port being queried. One or two of the
queries cause the IPID to increment by more than one value. Why do you think this occurs?
While performing ping scans into a target network you get a frantic call from the organization’s
security team. They report that they are under a denial of service attack. When you stop your
scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you
modify your scan to prevent triggering this event in the IDS?
Neil notices that a single address is generating traffic from its port 500 to port 500 of several other
machines on the network. This scan is eating up most of the network bandwidth and Neil is
concerned. As a security professional, what would you infer from this scan?
A distributed port scan operates by:
An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of
the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets
had an ICMP ID:0 and Seq:0. What can you infer from this information?
Which of the following commands runs Snort in packet logger mode?
Which of the following command-line switches would you use for OS detection in Nmap?
What operating system is the target host running based on the open ports shown above?
Why would an attacker want to perform a scan on port 137?