Notes for CEH v9: Certified Ethical Hacker Version 9 Practice Tests Practice Test 1 (pp.2-25).
- ECC means Elliptic Curve Cryptography, not Error Check and Correction (e.g. ECC memory).
- Smurf attack and Fraggle attack are both using request packet for a broadcast address. Smurf attack uses ICMP Type 8 (Echo Request), while Fraggle attack uses request packet for udp/7 (echo service).
- Firewalking: For example, if the targeted gateway pass through tcp/22 and the next node of the gateway drop packets for tcp/22, you cannot distinguish whether of them dropped the packet with ordinal packet to tcp/22.
- PAP: Password Authentication Protocol. Used in PPP, as with CHAP.
- X.509: X.500 is data model(s) for directory services, e.g. LDAP. X.509 is the format of public key certificates. X.509 is also used in certificates for LDAP (it is a little confusing).
- TTL default value in different OSes (Wanted: authorized & summarized source)
- Ping of death: Found in 1996.
- Melissa: This book (Practice Test1, Q.21) misprinted the name of this macro virus ("Melisa"). I think Melissa and I LOVE YOU (worm) are both very infectious, but this book says Melissa is more infectious.
- Ncat: included in nmap package.
- XMAS scan: Sets FIN, PSH, and URG flags. Responce will be RST packet on closed ports (Windows returns RST packet also on opened ports).
- Flags in TCP Header: CWR, ECE, URG, ACK, PSH, RST, SYN, FIN. XMAX scan becomes 00101001.
