GIAC Certified Forensic Analyst (GCFA) — Question 17

TCP FIN scanning is a type of stealth scanning in which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that the packet was sent by mistake and replies to the attacker with an RST packet. If the port is open, the FIN packet is ignored and dropped. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

Answer options

Correct answer: D

Explanation

The correct answer is D: Windows operating systems exhibit a distinct behavior in response to FIN packets, which makes them easily identifiable through TCP FIN scanning. In contrast, Solaris, Red Hat, and Knoppix may respond differently, which complicates identifying them with this scanning technique.