312-50V10 · Question #154
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the p
The correct answer is B. Firewalking. Firewalking uses TTL manipulation similar to traceroute to probe a packet-filtering firewall and determine which ports and protocols are permitted to pass through to the protected network.
Question
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall.
Options
- ASession hijacking
- BFirewalking
- CMan-in-the middle attack
- DNetwork sniffing
How the community answered
(38 responses)- B95% (36)
- C3% (1)
- D3% (1)
Why each option
Firewalking uses TTL manipulation similar to traceroute to probe a packet-filtering firewall and determine which ports and protocols are permitted to pass through to the protected network.
Session hijacking involves taking over an already-established communication session between two hosts by injecting or predicting sequence numbers, not probing firewall rules to discover allowed ports.
Firewalking crafts packets with an IP TTL value set to expire exactly one hop beyond the firewall, then analyzes the resulting ICMP time-exceeded messages to infer the firewall's rule set. If a port is open, the packet is forwarded and a TTL-exceeded message returns from the next hop; if blocked, no response or an ICMP admin-prohibited message is received. This technique enables an attacker to map firewall access control rules without establishing a direct connection to any host on the protected inside network.
A man-in-the-middle attack positions the attacker between two communicating parties to intercept or alter traffic, which is fundamentally different from enumerating firewall packet-filtering rules.
Network sniffing passively captures and inspects packets already present on a network segment and does not involve actively probing a firewall to discover which types of packets are permitted through.
Concept tested: Firewalking technique for firewall rule enumeration
Source: https://owasp.org/www-community/attacks/Firewalking
Topics
Community Discussion
No community discussion yet for this question.