When conducting a vulnerability assessment, which method would best assist a penetration tester in evading detection by a network-based anomaly detection system?
Performing a full connect scan with default settings
Fragmented packet scanning splits the crafted probe packets into smaller IP fragments, which can evade detection by making the traffic look less suspicious to anomaly detection systems that expect larger packets indicative of a scan or attack (note that many mature IDS/IPS engines reassemble fragments before inspection, which limits this technique against them). By contrast, performing a full connect scan without any modifications is easily detected because each probe establishes a complete TCP connection. Using common ports may help evade some simplistic forms of detection, but it is less effective against anomaly detection systems, which look at traffic patterns rather than port numbers alone. ICMP echo requests are typically used for simple host discovery and are not effective for evading sophisticated detection systems.