Please study the exhibit carefully.

Which Protocol maintains the communication on that way?

Study the log below and identify the scan type.
tcpdump w host 192.168.1.10

Which of the following is a patch management utility that scans one or more computers on your network and alerts you if you important Microsoft Security patches are missing. It then provides links that enable those missing patches to be downloaded and installed.

The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence number of transmitted packets from host B are lower than the packet segment containing the set FIN flag.

Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports?

Lori has just been tasked by her supervisor conduct vulnerability scan on the corporate network. She has been instructed to perform a very thorough test of the network to ensure that there are no security holes on any of the machines. Lori’s company does not own any commercial scanning products, so she decides to download a free one off the Internet. Lori has never done a vulnerability scan before, so she is unsure of some of the settings available in the software she downloaded. One of the option is to choose which ports that can be scanned. Lori wants to do exactly what her boos has told her, but she does not know ports should be scanned.

If Lori is supposed to scan all known TCP ports, how many ports should she select in the software?

Bob is a Junior Administrator at ABC.com is searching the port number of POP3 in a file.
The partial output of the file is look like:
In which file he is searching?

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker source IP address.

You send a ping request to the broadcast address 192.168.5.255.

[root@ceh/root]# ping -b 192.168.5.255

WARNING: pinging broadcast address

PING 192.168.5.255 (192.168.5.255) from 192.168.5.1 : 56(84) bytes of data.

64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=4.1 ms

64 bytes from 192.168.5.5: icmp_seq=0 ttl=255 time=5.7 ms

—

—

—

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source destination entries from log entries.)

What can you infer from the above log?

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.