what will be the response?

If an attacker’s computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

If an attacker’s computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

A.
31400

B.
31402

C.
The zombie will not send a response

D.
31401

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

cristina

cristina

the correct answer here is B. 31402

Reply

rednael

rednael

Well… It doesn’t say that the victim has an open port, just that the zombie has an open port. 🙂

Reply

Me

Me

Answer is B

(+1) for CLOSED port
(+2) for an OPEN port
FILTERED ports would also be ‘+1’, same as closed ports

http://nmap.org/book/idlescan.html

Reply

Eddie Guerrero

Eddie Guerrero

That is only true if you actually scanned THROUGH the zombie, to a target. Here, the question is not asking you that, it’s asking you about your connection TO THE ZOMBIE ITSELF!

(+1) for an OPEN port on Zombie
(no response) for a CLOSED port on Zombie

So the answer is correct, as Rednael is indicating.

Reply

manto

manto

DDDDDDDDDDDDDDD

Reply

Ze

Ze

a +2 option is available if we are talking about an attacker is using a spoofed IP address to check another target machine, and in this case there is no spoofed IP addresses in the above scenario, so it will be a +1 since the port is open

Reply