You are conducting an IdleScan manually using Hping2. During the scanning process, you notice that almost every query increments the IPID – regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of the following options would be a possible reason?
A. Hping2 cannot be used for idlescanning
B. The zombie you are using is not truly idle
C. These ports are actually open on the target system
D. A stateful inspection firewall is resetting your queries
Explanation:
If the IPID is incremented by more than the normal increment for this type of system, it means that the system is interacting with some other system besides yours and has sent packets to an unknown host between the packets destined for you.