Snort Output Question From Walker Practice Book
IronmanX
Snort Output Question
Basically, the question has:
190.168.5.12:33541 -> 213.132.44.56:23
***A**S* ...........
TCP Options (4) => MSS:1460 NOP NOPSackOK
..........................
...............
....
Answers:
A. The capture indicates a NOP sled attack
B. The packet shows step 2 of a TCP handshake
C. The packet source is 213.132.44.56
D. Shows an SSH session attempt.
So I picked "A", NOP sled, even though I know a NOP sled would have way more NOPs (the idea being to NOP past the buffer limit).
The book says B is correct. How can this be? Why would a client (port 33541) be sending a SYN/ACK to a server (port 23, telnet)?
Am I correct in my logic, or am I missing something?
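
Added example (not part of the original post or the practice book): a small Python decoder for the three Snort lines quoted in the question, showing how the flag field, the address line and the TCP options line are read. It assumes Snort's fixed "12UAPRSF" flag layout with "*" for a clear bit; all function names are made up for this illustration.

```python
import re

# Snort prints the TCP flag byte as eight fixed positions, "12UAPRSF",
# with '*' where a bit is clear (1 and 2 are the two former reserved bits).
FLAG_POSITIONS = [("1", "RES1"), ("2", "RES2"), ("U", "URG"), ("A", "ACK"),
                  ("P", "PSH"), ("R", "RST"), ("S", "SYN"), ("F", "FIN")]

def decode_flags(field):
    """Return the set of flag names set in a field such as '***A**S*'."""
    if len(field) != len(FLAG_POSITIONS):
        raise ValueError("expected 8 flag positions, got %r" % field)
    flags = set()
    for ch, (letter, name) in zip(field, FLAG_POSITIONS):
        if ch == letter:
            flags.add(name)
        elif ch != "*":
            raise ValueError("unexpected %r in flag field %r" % (ch, field))
    return flags

def handshake_step(flags):
    """Return 1 for a bare SYN, 2 for SYN/ACK, otherwise None."""
    if flags == {"SYN"}:
        return 1
    if flags == {"SYN", "ACK"}:
        return 2
    return None  # a bare ACK may be step 3 or any later segment

def parse_endpoints(line):
    """Split 'src:port -> dst:port' into ((src, sport), (dst, dport))."""
    m = re.fullmatch(r"\s*(\S+):(\d+)\s*->\s*(\S+):(\d+)\s*", line)
    if not m:
        raise ValueError("not a Snort address line: %r" % line)
    return (m.group(1), int(m.group(2))), (m.group(3), int(m.group(4)))

def parse_tcp_options(line):
    """List TCP header options; tolerates the fused 'NOPSackOK' in the post."""
    return re.findall(r"MSS:\s*\d+|NOP|SackOK", line.partition("=>")[2])

def summarize(addr_line, flag_field, options_line):
    src, dst = parse_endpoints(addr_line)
    flags = decode_flags(flag_field)
    return {"src": src, "dst": dst, "flags": flags,
            "handshake_step": handshake_step(flags),
            # NOP here is TCP option kind 1 (header padding), not payload bytes.
            "options": parse_tcp_options(options_line)}

# The three lines as quoted in the post.
POST = summarize("190.168.5.12:33541 -> 213.132.44.56:23", "***A**S*",
                 "TCP Options (4) => MSS:1460 NOP NOPSackOK")
```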