What does a Maimon scan reveal about certain BSD-derived TCP stacks when a port is closed?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What does a Maimon scan reveal about certain BSD-derived TCP stacks when a port is closed?

Explanation:
When a TCP stack receives a probe to a port that isn’t listening, the expected behavior is to reset the connection by sending a reset segment (RST). BSD-derived TCP stacks have a characteristic in this situation: they reliably respond with a RESET when the port is closed. The Maimon scan exploits that exact reaction to fingerprint the target’s stack. By sending a probe to a known closed port and observing a RST, you can identify the target as BSD-derived because this RST response pattern is distinctive for those stacks. Other stacks might ignore the probe, reply with a SYN-ACK (which would imply the port is open), or behave differently, so the presence of a RESET to a closed-port probe is the telltale sign.

