GIAC Exam GPEN Topic 7 Question 69 Discussion

Actual exam question for GIAC's GPEN exam

Question #: 69
Topic #: 7

[All GPEN Questions]

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we-aresecure. com Web site. For this, you want to perform the idle scan so that you can get the ports open in the we-are-secure.com server. You are using Hping tool to perform the idle scan by using a zombie computer. While scanning, you notice that every IPID is being incremented on every query, regardless whether the ports are open or close. Sometimes, IPID is being incremented by more than one value. What may be the reason?

AThe zombie computer is the system interacting with some other system besides your comp uter.

BThe firewall is blocking the scanning process.

CThe zombie computer is not connected to the we-are-secure.com Web server.

DHping does not perform idle scanning.

Show Suggested Answer

Suggested Answer: C

by Herminia at Mar 20, 2025, 10:22 PM

Limited Time Offer

25%

Off

Get Premium GPEN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lynelle

1 months ago

Zombie computer, huh? Sounds like this penetration test is more like a haunted house than an audit.

upvoted 0 times

...

Yuette

1 months ago

Hping not doing idle scanning? That's like saying a screwdriver can't screw in screws. I'm pretty sure that's not the issue here.

upvoted 0 times

Amira

2 days ago

B) The firewall is blocking the scanning process.

upvoted 0 times

...

Tammara

6 days ago

A) The zombie computer is the system interacting with some other system besides your computer.

upvoted 0 times

...

Theresia

7 days ago

B) The firewall is blocking the scanning process.

upvoted 0 times

...

Diane

16 days ago

A) The zombie computer is the system interacting with some other system besides your computer.

upvoted 0 times

...

Maryann

1 months ago

Wait, so the zombie computer isn't even connected to the target server? That's a pretty big problem for the idle scan to work. Gotta be option C.

upvoted 0 times

Douglass

4 days ago

Looks like we need to make sure the zombie computer is properly connected to the we-are-secure.com server for the idle scan to be effective.

upvoted 0 times

...

Rosalia

13 days ago

That's true, option C seems to be the most likely reason for the IPID incrementing regardless of open ports.

upvoted 0 times

...

Rhea

21 days ago

Yeah, if the zombie computer isn't connected to the target server, then the idle scan won't work.

upvoted 0 times

...

Izetta

2 months ago

Nah, the firewall blocking the scan wouldn't cause the IPID to increment in that way. I think you're on the right track with the zombie computer being the issue.

upvoted 0 times

Wenona

8 days ago

A) The zombie computer is the system interacting with some other system besides your computer.

upvoted 0 times

...

Bette

13 days ago

B) The firewall is blocking the scanning process.

upvoted 0 times

...

Lettie

15 days ago

A) The zombie computer is the system interacting with some other system besides your computer.

upvoted 0 times

...

Felix

2 months ago

But what if the firewall is blocking the scanning process? Could that also be a reason?

upvoted 0 times

...

Charlette

2 months ago

Hmm, if the IPID is incrementing even for closed ports, it sounds like the zombie computer is interacting with something else besides the target server. I'd go with option A.

upvoted 0 times