Which statement best describes Idle scan (-sI) and its prerequisites/risks?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Nmap and ZenMap Tests. Access flashcards and multiple choice questions, with hints and explanations for each question. Ensure success in your exam!

Multiple Choice

Which statement best describes Idle scan (-sI) and its prerequisites/risks?

Explanation:
Idle scan relies on a zombie host’s IPID side-channel to infer port states on a target. The attacker spoofs traffic so the target’s responses appear to come from the zombie, and by watching how the zombie’s IPID changes, the tester can deduce which ports are open. This needs a zombie with a predictable IPID sequence and a network path that allows IP spoofing, plus a trustworthy environment because the technique can be stealthy and potentially violate laws or policy. It’s more complex and potentially intrusive than ordinary scans, and in many setups it’s not legal or permissible. In short, idle scan uses a zombie’s IPID behavior as a timing side-channel to reveal open ports, rather than direct probing from the tester or using other methods like DNS timing or banner reading.

Idle scan relies on a zombie host’s IPID side-channel to infer port states on a target. The attacker spoofs traffic so the target’s responses appear to come from the zombie, and by watching how the zombie’s IPID changes, the tester can deduce which ports are open. This needs a zombie with a predictable IPID sequence and a network path that allows IP spoofing, plus a trustworthy environment because the technique can be stealthy and potentially violate laws or policy. It’s more complex and potentially intrusive than ordinary scans, and in many setups it’s not legal or permissible. In short, idle scan uses a zombie’s IPID behavior as a timing side-channel to reveal open ports, rather than direct probing from the tester or using other methods like DNS timing or banner reading.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy