PrepAway - Latest Free Exam Questions & Answers

Category: 312-50 (CEH v6)

Exam 312-50: Ethical Hacking and Countermeasures (CEH v6)

What is the obstructed IP address in the e-mail URL?

Exhibit

You receive an e-mail with the message displayed in the exhibit.

From this e-mail you suspect that this message was sent by some hacker, since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail like this. You also observe the URL in the message and confirm your suspicion about 340590649. You immediately enter the following at the Windows 2000 command prompt.

ping 340590649

You get a response with a valid IP address. What is the obstructed IP address in the e-mail URL?

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his cli

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?

Why would an attacker try to create a null session with a computer on a network?

Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.

Why would an attacker try to create a null session with a computer on a network?

As an analyst what would you conclude about the attack?

Exhibit:

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

home/root # traceroute www.targetcorp.com
traceroute to www.targetcorp.com (192.168.12.18), 64 hops max, 40 byte packets
1 router.anon.com (192.13.212.254) 1.373 ms 1.123 ms 1.280 ms
2 192.13.133.121 (192.13.133.121) 3.680 ms 3.506 ms 4.583 ms
3 firewall.anon.com (192.13.192.17) 127.189 ms 257.404 ms 208.484 ms
4 anon-gw.anon.com (192.93.144.89) 471.68 ms 376.875 ms 228.286 ms
5 fe5-0.lin.isp.com (192.162.231.225) 2.961 ms 3.852 ms 2.974 ms
6 fe0-0.lon0.isp.com (192.162.231.234) 3.979 ms 3.243 ms 4.370 ms
7 192.13.133.5 (192.13.133.5) 11.454 ms 4.221 ms 3.333 ms
6 * * *
7 * * *
8 www.targetcorp.com (192.168.12.18) 5.392 ms 3.348 ms 3.199 ms

Use the traceroute results shown above to answer the following question:

The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.

