Certified Ethical Hacker (CEH v12) — Question 225
Consider a scenario where a Certified Ethical Hacker is attempting to infiltrate a company's network without being detected. The hacker intends to use a stealth scan on a BSD-derived TCP/IP stack, but he suspects that the network security devices may be able to detect SYN packets. Based on this information, which of the following methods should he use to bypass the detection mechanisms and why?
Answer options
- A. Maimon Scan, because it is very similar to NULL, FIN, and Xmas scans, but the probe used here is FIN/ACK
- B. Xmas Scan, because it can pass through filters undetected, depending on the security mechanisms installed
- C. TCP Connect/Full-Open Scan, because it completes a three-way handshake with the target machine
- D. ACK Flag Probe Scan, because it exploits the vulnerabilities within the BSD-derived TCP/IP stack
Correct answer: D
Explanation
The correct answer is D because the ACK Flag Probe Scan is specifically designed to exploit the vulnerabilities in the BSD-derived TCP/IP stack, which allows it to bypass detection mechanisms effectively. Options A, B, and C are less effective at avoiding detection: they either resemble scans that are more easily detected or complete the three-way handshake, which is commonly monitored.