Which parameters are valid SCREEN options for combating operating system probes?

A. syn-fin, syn-flood, and tcp-no-frag

B. syn-fin, port-scan, and tcp-no-flag

C. syn-fin, fin-no-ack, and tcp-no-frag

D. syn-fin, syn-ack-ack-proxy, and tcp-no-frag




cipi1986

The right answer is C only if the options are
syn-fin, fin-no-ack, and tcp-no-flag, NOT tcp-no-frag

The Bob

Before launching an exploit, attackers might try to probe the targeted host to learn its operating system (OS). With that knowledge, they can better decide which attack to launch and which vulnerabilities to exploit. JUNOS software can block reconnaissance probes commonly used to gather information about OS types.

Both the SYN and FIN control flags are not normally set in the same TCP segment header. The SYN flag synchronizes sequence numbers to initiate a TCP connection. The FIN flag indicates the end of data transmission to finish a TCP connection. Their purposes are mutually exclusive. A TCP header with the SYN and FIN flags set is anomalous TCP behavior, causing various responses from the recipient, depending on the OS.

An attacker can send a segment with both flags set to see what kind of system reply is returned and thereby determine what kind of OS is on the receiving end. The attacker can then use any known system vulnerabilities for further attacks.

When you enable this screen option, JUNOS software checks if the SYN and FIN flags are set in TCP headers. If it discovers such a header, it drops the packet.

TCP Headers With FIN Flag and Without ACK Flag

Figure 16 shows TCP segments with the FIN control flag set (to signal the conclusion of a session and terminate the connection). Normally, TCP segments with the FIN flag set also have the ACK flag set (to acknowledge the previous packet received). Because a TCP header with the FIN flag set but not the ACK flag is anomalous TCP behavior, there is no uniform response to this. The OS might respond by sending a TCP segment with the RST flag set. Another might completely ignore it. The victim's response can provide the attacker with a clue as to its OS. (Other purposes for sending a TCP segment with the FIN flag set are to evade detection while performing address and port scans and to evade defenses on guard for a SYN flood by performing a FIN flood instead. For information about FIN scans, see FIN Scan.)

TCP Header Without Flags Set

A normal TCP segment header has at least one flag control set. A TCP segment with no control flags set is an anomalous event. Because different operating systems respond differently to such anomalies, the response (or lack of response) from the targeted device can provide a clue as to the type of OS it is running.
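
The three header checks quoted in the comment above, written out as an added example (not part of the comment and not JUNOS code): it parses a raw TCP header and reports which of the anomalous flag combinations it carries. The label strings, the `build_header` helper and the sample ports are assumptions made for this illustration, and only the six classic flag bits are examined.

```python
import struct

# Flag bits in the low byte of the 16-bit word at offset 12 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # The word holds data offset (4 bits), reserved/ECN bits, then the flags.
    (offset_and_flags,) = struct.unpack_from("!H", segment, 12)
    return offset_and_flags & 0x3F


def os_probe_checks(segment: bytes) -> list[str]:
    """Name each anomaly check (labels are this example's own) that matches."""
    flags = tcp_flags(segment)
    hits = []
    if flags & SYN and flags & FIN:      # SYN and FIN set together
        hits.append("syn-fin")
    if flags & FIN and not flags & ACK:  # FIN set, ACK missing
        hits.append("fin-no-ack")
    if flags == 0:                       # no control flag at all
        hits.append("no-flags")
    return hits


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed sample: a 20-byte TCP header carrying the given flags."""
    data_offset = 5 << 12  # five 32-bit words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                       data_offset | flags, 1024, 0, 0)


if __name__ == "__main__":
    for name, flags in [("SYN", SYN), ("FIN+ACK", FIN | ACK),
                        ("SYN+FIN", SYN | FIN), ("FIN", FIN), ("none", 0)]:
        print(f"{name:8} -> {os_probe_checks(build_header(flags)) or 'normal'}")
```

A segment with SYN and FIN but no ACK matches two checks at once, which is why the SYN+FIN sample reports both labels.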

mr_tienvu

Correct answer is C