A malicious user has connected to your system and learned the specifics of your operating system, including its current patch levels and the operating system name. What is the term for this type of scanning attack?
A.
SYN detection
1D0-470
B.
TCP priming
C.
Cache poisoning
D.
Stack fingerprinting
Explanation:
Several new tools have been made available on the Internet that to a high degree of accuracy can tell the operating system of a host just by examining subtle details in the way the TCP/IP stack was implemented within that operating system. This method is called TCP/IP fingerprinting. With information in regards to the flavor and version of the operating system, a hacker could look for any number of possible vulnerabilities.
Incorrect Answers:
A: SYN detection is a preventive method against SYN floods. SYN floods use inherent characteristics in the TCP/IP protocol to flood a system with network packets. Eventually, the system will not be able to respond to network packets from anyone and the target system becomes unusable.
B: There is no hacker attack method called TCP priming.
C: Cache poisoning is planned corruption of DNS records by unauthorized users. Cache poisoning is not used to retrieve information on specifics of any installed operating system.
Note: Cache poisoning occurs when malicious or misleading data received from a remote name server is saved (cached) by a gullible name server. This bad data is then made available to programs running on workstations that request the cached data through the client interface (resolver). This can adversely affect the mapping between host names and IP addresses, among other things. Once this mapping has been changed, hosts looking for legitimate DNS responses from a corrupted server can be redirected to arbitrary sites.