Certified Ethical Hacker (CEH v12) — Question 191

A Certified Ethical Hacker (CEH) is analyzing a target network. To do this, he decides to utilize an IDLE/IPID header scan using Nmap. The network analysis reveals that the IPID number increases by 2 after following the steps of an IDLE scan. Based on this information, what can the CEH conclude about the target network?

Answer options

• A. The ports on the target network are open
• B. The target network has no firewall present
• C. The ports on the target network are closed
• D. The target network has a stateful firewall present

Correct answer: A

Explanation

The increase in the IPID number indicates that the target network's ports are open, as this is a typical result of an IDLE scan when responses are received. Option B is incorrect because a firewall would usually prevent such a response. Option C is wrong since closed ports would not cause an IPID increment, and Option D does not align with the findings, as a stateful firewall would likely not allow such traffic patterns.