Certified Ethical Hacker (CEH v13) — Question 44

Consider a scenario where a Certified Ethical Hacker is attempting to infiltrate a company's network without being detected. The hacker intends to use a stealth scan on a BSD-derived TCP/IP stack, but he suspects that the network security devices may be able to detect SYN packets. Based on this information, which of the following methods should he use to bypass the detection mechanisms and why?

Answer options

• A. Maimon Scan, because it is very similar to NULL, FIN, and Xmas scans, but the probe used here is FIN/ACK
• B. Xmas Scan, because it can pass through filters undetected, depending on the security mechanisms installed
• C. TCP Connect/Full-Open Scan, because it completes a three-way handshake with the target machine
• D. ACK Flag Probe Scan, because it exploits the vulnerabilities within the BSD-derived TCP/IP stack

Correct answer: D

Explanation

The correct answer is D, as the ACK Flag Probe Scan effectively targets vulnerabilities in the BSD-derived TCP/IP stack, allowing the hacker to bypass detection mechanisms. The other options either involve more detectable methods or rely on conditions that may not be met, making them less suitable for stealthy infiltration.