You have initiated an active operating system fingerprinting attempt with nmap against a target system:[root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT Interesting ports on 10.0.0.1:(The 1628 ports scanned but not shown below are in state: closed) Port State Service21/tcp filtered ftp 22/tcp filtered ssh 25/tcp open smtp 80/tcp open http 135/tcp open loc-srv139/tcp open netbios-ssn 389/tcp open LDAP 443/tcp open https 465/tcp open smtps 1029/tcp open ms-lsa 1433/tcp open ms-sql-s2301/tcp open compaqdiag 5555/tcp open freeciv 5800/tcp open vnc-http 5900/tcp open vnc 6000/tcp filtered X11Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE Nmap run completed -- 1 IP address (1 host up) scanned in 3.334 seconds Using its fingerprinting tests nmap is unable to distinguish between different groups of Microsoft based operating systems - Windows XP, Windows 2000, NT4 or 95/98/98SE. What operating system is the target host running based on the open ports shown above?
Answer(s): D
The system is reachable as an active directory domain controller (port 389, LDAP)
Study the log below and identify the scan type. tcpdump -vv host 192.168.1.1017:34:45.802163 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 36166)17:34:45.802216 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 33796)17:34:45.802266 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 47066)17:34:46.111982 eth0 < 192.168.1.1 > victim: ip-proto-74 0 (ttl 48, id 35585)17:34:46.112039 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 32834)17:34:46.112092 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 26292)17:34:46.112143 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 51058) tcpdump -vv -x host 192.168.1.1017:35:06.731739 eth0 < 192.168.1.10 > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 00000000 0000 0000
Why would an attacker want to perform a scan on port 137?
Microsoft encapsulates netbios information within TCP/Ip using ports 135-139. It is trivial for an attacker to issue the following command:nbtstat -A (your Ip address) from their windows machine and collect information about your windows machine (if you are not blocking traffic to port 137 at your borders).
Steve scans the network for SNMP enabled devices. Which port number Steve should scan?
Answer(s): C
The SNMP default port is 161. Port 69 is used for tftp, 150 is for SQL-NET and 169 is for SEND.
One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker source IP address.You send a ping request to the broadcast address 192.168.5.255. [root@ceh/root]# ping -b 192.168.5.255WARNING: pinging broadcast addressPING 192.168.5.255 (192.168.5.255) from 192.168.5.1 : 56(84) bytes of data.64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=4.1 ms 64 bytes from 192.168.5.5: icmp_seq=0 ttl=255 time=5.7 ms---------There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?
As stated in the correct option, Microsoft Windows does not handle pings to a broadcast address correctly and therefore ignores them.
Post your Comments and Discuss EC-Council 312-50 exam dumps with other Community members:
Bob Commented on May 19, 2025 Is this relevant in 2025? UNITED KINGDOM
Comeru Commented on December 04, 2024 You pass this exam with these questions. But you need to get the full version. UNITED STATES
ribrahim Commented on June 29, 2023 Done the purchase downloaded successfully thanks! SINGAPORE
Drew Commented on March 08, 2018 need step 3 download activated UNITED STATES
Josh Commented on September 18, 2017 Just paid for it ... seamless experience ... looking forward to using the program to study for the CEH and pass it with flying colors! UNITED STATES