312-50v11 Exam Questions

312-50v11 Exam - Question 168


Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.

Which of the following Nmap commands helped Jim retrieve the required information?

Correct Answer: B

To identify Ethernet/IP devices and gather detailed information such as the vendor name, product code and name, device name, and IP address, the appropriate Nmap command uses the enip-info script against port 44818. Ethernet/IP is commonly used in industrial systems and operates on UDP port 44818. The command `nmap -Pn -sU -p 44818 --script enip-info <Target IP>` achieves this by sending requests specific to the Ethernet/IP protocol and parsing the responses to extract the required data.
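The enip-info script works by sending an EtherNet/IP ListIdentity request (encapsulation command 0x0063) to port 44818 and decoding the identity reply. The following Python example is added here and is not part of the original page or of Nmap: it decodes such a reply so a defender reviewing a capture of a probe against an OT network can see exactly which fields one unauthenticated packet discloses. The byte layout follows the EtherNet/IP encapsulation specification; the sample reply and all its values are constructed, not captured from a real device.

```python
import struct
from ipaddress import IPv4Address

# 24-byte encapsulation header: command, length, session handle, status, sender context, options
ENCAP_HEADER = struct.Struct("<HHIIQI")
LIST_IDENTITY = 0x0063          # encapsulation command that enip-info sends and parses
IDENTITY_ITEM = 0x000C          # CIP Identity item type carried in a ListIdentity reply

def parse_list_identity(reply: bytes) -> dict:
    """Decode a ListIdentity reply into the fields a scan exposes; raise ValueError if malformed."""
    try:
        cmd, length, _sess, status, _ctx, _opts = ENCAP_HEADER.unpack_from(reply, 0)
        if cmd != LIST_IDENTITY or status != 0:
            raise ValueError(f"not a successful ListIdentity reply (cmd=0x{cmd:04x}, status={status})")
        body = reply[ENCAP_HEADER.size:ENCAP_HEADER.size + length]
        item_count, item_type, item_len = struct.unpack_from("<HHH", body, 0)
        if item_count < 1 or item_type != IDENTITY_ITEM:
            raise ValueError("no CIP Identity item in reply")
        item = body[6:6 + item_len]
        # Item: encapsulation version (LE), sockaddr_in in network byte order, then Identity attributes (LE)
        version, = struct.unpack_from("<H", item, 0)
        _family, port, addr = struct.unpack_from(">HHI", item, 2)
        (vendor, dev_type, prod_code, rev_major, rev_minor,
         dev_status, serial, name_len) = struct.unpack_from("<HHHBBHIB", item, 18)
        if len(item) < 33 + name_len + 1:
            raise ValueError("product name runs past end of item")
    except struct.error as exc:
        raise ValueError(f"truncated ListIdentity reply: {exc}") from exc
    return {
        "encap_version": version,
        "device_ip": str(IPv4Address(addr)), "port": port,
        "vendor_id": vendor, "device_type": dev_type, "product_code": prod_code,
        "revision": f"{rev_major}.{rev_minor}", "status": dev_status,
        "serial": f"0x{serial:08x}",
        "product_name": item[33:33 + name_len].decode("ascii", "replace"),
        "state": item[33 + name_len],
    }

def build_sample_reply() -> bytes:
    """Constructed sample reply (not from a real device) so the parser can be run offline."""
    name = b"Sample PLC"
    item = struct.pack("<H", 1)                                        # encapsulation protocol version 1
    item += struct.pack(">HHI8s", 2, 44818, int(IPv4Address("192.0.2.10")), b"\x00" * 8)  # AF_INET, port, addr
    item += struct.pack("<HHHBBHIB", 1234, 14, 55, 20, 11, 0x0030, 0x00C0FFEE, len(name))
    item += name + b"\x03"                                             # product name, device state
    body = struct.pack("<HHH", 1, IDENTITY_ITEM, len(item)) + item
    return ENCAP_HEADER.pack(LIST_IDENTITY, len(body), 0, 0, 0, 0) + body

if __name__ == "__main__":
    for key, value in parse_list_identity(build_sample_reply()).items():
        print(f"{key:14} {value}")
```

The specification allows ListIdentity over both UDP and TCP port 44818, which is why a `-sU` scan and a script description mentioning TCP 44818 are not in conflict; on the defensive side, any reply of this shape leaving an OT segment toward an untrusted network is worth an alert.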

Discussion

kingnachi
Jun 30, 2022

I would go with B as it scans on port 44818. Here is the explanation from "Nmap: Network Exploration and Security Auditing Cookbook - Second Edition", by Paulino Calderon, May 2017: "Enumerating Ethernet/IP devices: Ethernet/IP is a very popular protocol used in industrial systems that uses Ethernet as the transport layer and CIP for providing services and profiles needed for the applications. Ethernet/IP devices by several vendors usually operate on UDP port 44818 and we can gather information such as vendor name, product name, serial number, device type, product code, internal IP address, and version."

uday1985
May 24, 2023

enip-info: This NSE script is used to send an EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity packet and, once a response is received, it validates that it was a proper response to the command that was sent, and then parses out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP. So it scans those ports automatically.

CHCHCHC
Aug 15, 2024

In here it says TCP 44818, but in the scan it is -sU

Mento
Apr 25, 2022

Based on https://nmap.org/nsedoc/scripts/enip-info.html Must be B.

tille
May 24, 2022

The problem is that the question says -sU, which means UDP scan, but the referred link shows the enip script uses port 102/TCP. Answer C is a SCADA port, which is IoT; also D: the s7-info gives a similar result. So in summary, this question is a mess; I couldn't guess a good answer.

spydog
Oct 13, 2022

The enip-info script is indeed using port 44818. In addition, it provides all the information required in the question, while s7-info targets a specific vendor, Siemens.

Daniel8660 (Option: B)
Oct 16, 2023

Scanning Ethernet/IP Devices: `nmap -Pn -sU -p 44818 --script enip-info <Target IP>`. Ethernet/IP is a popular protocol implemented by many industrial networks. Ethernet/IP uses Ethernet as a transport layer protocol, and CIP is used to provide services for industrial applications. This protocol operates on UDP port number 44818. Attackers can gather information such as the name of the vendor, product code and name, device name, IP address, etc. (P.2754/2738)

uzey (Option: B)
Dec 22, 2022

OT - port 44818

ANDRESCB1988
Jul 23, 2022

correct

BigMomma4752
Sep 11, 2022

The correct answer is B. In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits.

martco
Nov 13, 2022

A sneaky trick question: they are ALL valid scan commands against SCADA-type systems, but only one of them achieves the general-purpose broad sweep for open ports needed here...

martco
Nov 13, 2022

Sorry, disregard that... there is one command there that could meet all the stated demands of the scenario (the reference to the various device info AND Ethernet/IP device info IS specific). Ans = B

Qwertyzloy
Dec 8, 2022

-p102 and s7-info is only about Siemens PLCs; 44818 is about several vendors. I would go B.

BallCS (Option: B)
Jan 22, 2025

Scanning Ethernet/IP Devices: `nmap -Pn -sU -p 44818 --script enip-info <Target IP>`. Ethernet/IP is a popular protocol implemented by many industrial networks. Ethernet/IP uses Ethernet as a transport layer protocol, and CIP is used to provide services for industrial applications. This protocol operates on UDP port number 44818. Using the above command, attackers can gather information such as the name of the vendor, product code and name, device name, IP address, etc.