Which of the following steps are required in an idle scan of a closed port?

Each correct answer represents a part of the solution. Choose all that apply.


A. The attacker sends a SYN/ACK to the zombie.

B. The zombie’s IP ID increases by only 1.

C. In response to the SYN, the target sends a RST.

D. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

E. The zombie’s IP ID increases by 2.

Explanation:

The following steps are required in an idle scan of a closed port:

1. Probe the zombie’s IP ID: The attacker sends a SYN/ACK to the zombie. The zombie, not expecting the SYN/ACK, sends back a RST, thus disclosing its IP ID.

2. Forge a SYN packet from the zombie: The attacker sends the target a SYN that appears to come from the zombie. In response to the SYN, the target sends a RST to the zombie. The zombie ignores the unsolicited RST, and the IP ID remains unchanged.

3. Probe the zombie’s IP ID again: The zombie’s IP ID has increased by only 1 since step 1, so the port is closed.


