What is the purpose of NMAP's badsum scans?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is the purpose of NMAP's badsum scans?

Explanation:
Malformed-packet handling is the idea behind this scan. NMAP’s badsum probe sends TCP segments with deliberately invalid checksums to see how the path treats malformed traffic. Some firewalls or intrusion prevention systems in-line will validate or rewrite traffic differently from a host that isn’t behind such devices, so the way those bad packets are responded to (or not responded to) reveals the presence of a filtering device in the path. This behavior helps distinguish environments with a firewall/IPS from those without, rather than directly identifying open ports, the operating system, or user accounts.

Malformed-packet handling is the idea behind this scan. NMAP’s badsum probe sends TCP segments with deliberately invalid checksums to see how the path treats malformed traffic. Some firewalls or intrusion prevention systems in-line will validate or rewrite traffic differently from a host that isn’t behind such devices, so the way those bad packets are responded to (or not responded to) reveals the presence of a filtering device in the path. This behavior helps distinguish environments with a firewall/IPS from those without, rather than directly identifying open ports, the operating system, or user accounts.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy