what will be the response?

If an attacker’s computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a
closed port, what will be the response?

A.
The zombie computer will respond with an IPID of 24334.

B.
The zombie computer will respond with an IPID of 24333.

C.
The zombie computer will not send a response.

D.
The zombie computer will respond with an IPID of 24335.

Show Hint

← Previous question

Next question →

Leave a Reply 8

ashley

I believe the answer should be C.

Farce

I believe I can fly

miguel

Jorge

Should be C if port is Open … Option A

The correct answer:

Target Port Open ==> Zombie IPID+2
Target Port Closed or Filtered ==> Zombie IPID+1

They never mentioned about Victim PC,
Since Attacker send a SYN to Closed port on Zombie, Zombie wont send anything back to Attacker, so I guess it should be C

http://vipulchaskar.blogspot.com/2014_04_01_archive.html

However, I do see some info at :-

http://www.examcollection.com/eccouncil/ECCouncil.ActualTests.EC1-350.v2012-09-20.by.getitcert.261q.vce.file.html

========
h@ck3r

India
Feb 01, 2013
Report Comment

This dump was word by word in CEH v7 exam that I took yesterday in India and scored 96%, only one different question about some Spears Inc. getting attacked by hackers from a user’s machine who was connected to corporate VPN from his home computer. I chose option(A), which says Admin needs to disable VPN from home computers. Another question “If an attacker’s computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response?” Answer should be 24334 because of closed port, dump tells you this value as 24335 which is in fact true in case of an open port.”
==========