While analyzing suspicious network activity, you observe a slow, stealthy scanning technique that is difficult to trace back to the attacker. Which scenario best describes the scanning technique being used?
A.
The attacker sends FIN packets to infer port states based on responses
B.
The attacker uses a “zombie” machine to perform scans, hiding their true identity
C.
The attacker performs full TCP connect scans on all ports
According to the CEH Network Scanning module, Idle Scanning (Zombie Scanning) is one of the most stealthy reconnaissance techniques. In this method, the attacker uses an idle third-party host (zombie) to probe the target indirectly.
Because all scan packets appear to originate from the zombie system, the true attacker remains hidden. CEH highlights that idle scans:
Are extremely stealthy
Generate minimal traffic from the attacker
Make attribution very difficult
Option B is correct.
Option A (FIN scan) is stealthy but still traceable.
Option C is noisy and easily detected.
Option D describes a Xmas scan, which is detectable.
CEH classifies idle scanning as one of the hardest scanning techniques to trace.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit