ECCouncil Updated EC0-350 Exam Questions and Answers by hubert

When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases.

Rootkits are tools that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

A hacker can send an IP packet to a vulnerable machine such that the lastfragment contains an offest where (IP offset *8) + (IP data length)>65535.This means that when the packet is reassembled, its total length is largerthan the legal limit, causing buffer overruns in the machine's OS (becousethe buffer sizes are defined only to accomodate the maximum allowed size ofthe packet based on RFC 791)...IDS can generally recongize such attacks bylooking for packet fragments that have the IP header's protocol field set to1 (ICMP), the last bit set, and (IP offset *8) +(IP data length)>65535" CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 414 "Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing aminimum of 20 octets of IP header information and zero or more octets ofoptional information, with the rest of the packet being data. Ping of Deathattacks can cause crashing, freezing, and rebooting.