nerdexam
EC-Council

312-50V10 · Question #154

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the p

The correct answer is B. Firewalking. Firewalking uses TTL manipulation similar to traceroute to probe a packet-filtering firewall and determine which ports and protocols are permitted to pass through to the protected network.

Evading IDS, Firewalls, and Honeypots

Question

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall.

Options

  • ASession hijacking
  • BFirewalking
  • CMan-in-the middle attack
  • DNetwork sniffing

How the community answered

(38 responses)
  • B
    95% (36)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Firewalking uses TTL manipulation similar to traceroute to probe a packet-filtering firewall and determine which ports and protocols are permitted to pass through to the protected network.

ASession hijacking

Session hijacking involves taking over an already-established communication session between two hosts by injecting or predicting sequence numbers, not probing firewall rules to discover allowed ports.

BFirewalkingCorrect

Firewalking crafts packets with an IP TTL value set to expire exactly one hop beyond the firewall, then analyzes the resulting ICMP time-exceeded messages to infer the firewall's rule set. If a port is open, the packet is forwarded and a TTL-exceeded message returns from the next hop; if blocked, no response or an ICMP admin-prohibited message is received. This technique enables an attacker to map firewall access control rules without establishing a direct connection to any host on the protected inside network.

CMan-in-the middle attack

A man-in-the-middle attack positions the attacker between two communicating parties to intercept or alter traffic, which is fundamentally different from enumerating firewall packet-filtering rules.

DNetwork sniffing

Network sniffing passively captures and inspects packets already present on a network segment and does not involve actively probing a firewall to discover which types of packets are permitted through.

Concept tested: Firewalking technique for firewall rule enumeration

Source: https://owasp.org/www-community/attacks/Firewalking

Topics

#firewalking#firewall enumeration#packet filtering bypass#port probing

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice