What is a key risk when using a fast TCP SYN scanning tool like ScanRand?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is a key risk when using a fast TCP SYN scanning tool like ScanRand?

Explanation:
When you fire off a fast TCP SYN scan, you’re effectively flooding the target with connection attempts. Each SYN that gets a SYN-ACK and isn’t followed by a full handshake ties up resources for a moment. TCP stacks keep a backlog of half-open connections; if a flood arrives faster than the system can process and clear them, the backlog fills up. That can cause legitimate connections to be dropped or delayed, and in extreme cases bring down or seriously degrade services. So the main risk is that rapid SYN scanning can induce a denial of service on the target. The other options don’t fit: a SYN scan doesn’t bypass authentication, it isn’t true that it can never crash services, and it doesn’t encrypt traffic.

