nerdexam
EC-Council

312-50V10 · Question #495

You've just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the case?

The correct answer is C. ICMP could be disabled on the target server. A server that is active but does not respond to ping is almost certainly blocking ICMP echo requests, which is a common firewall or OS-level security hardening configuration.

Scanning Networks

Question

You've just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the case?

Options

  • ATCP/IP doesn't support ICMP
  • BARP is disabled on the target server
  • CICMP could be disabled on the target server
  • DYou need to run the ping command with root privileges

How the community answered

(55 responses)
  • A
    2% (1)
  • B
    7% (4)
  • C
    89% (49)
  • D
    2% (1)

Why each option

A server that is active but does not respond to ping is almost certainly blocking ICMP echo requests, which is a common firewall or OS-level security hardening configuration.

ATCP/IP doesn't support ICMP

ICMP is a core component of the TCP/IP protocol suite as defined in RFC 792 and is fully supported by all standard TCP/IP implementations.

BARP is disabled on the target server

ARP operates at Layer 2 for MAC address resolution and its state does not directly prevent a host from processing or responding to ICMP packets once a Layer 3 path exists.

CICMP could be disabled on the target serverCorrect

Ping operates using ICMP Echo Request and Echo Reply messages (ICMP type 8 and type 0). Many operating systems and firewalls are configured to drop or ignore incoming ICMP requests as a security measure to prevent network reconnaissance, causing the host to appear offline even when it is fully operational.

DYou need to run the ping command with root privileges

Standard ping implementations on most operating systems do not require root or administrator privileges to send basic ICMP echo requests.

Concept tested: ICMP blocking as a host reconnaissance evasion technique

Source: https://www.rfc-editor.org/rfc/rfc792

Topics

#ICMP#ping#host discovery#network scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice