nerdexam
EC-Council

312-50V10 · Question #612

Destination unreachable administratively prohibited messages can inform the hacker to what?

The correct answer is D. That a router or other packet-filtering device is blocking traffic. An ICMP Destination Unreachable - Administratively Prohibited message reveals that a router or packet-filtering device is actively blocking the scanned traffic via an access control policy.

Scanning Networks

Question

Destination unreachable administratively prohibited messages can inform the hacker to what?

Options

  • AThat a circuit level proxy has been installed and is filtering traffic
  • BThat his/her scans are being blocked by a honeypot or jail
  • CThat the packets are being malformed by the scanning software
  • DThat a router or other packet-filtering device is blocking traffic
  • EThat the network is functioning normally

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    9% (3)
  • C
    3% (1)
  • D
    80% (28)
  • E
    6% (2)

Why each option

An ICMP Destination Unreachable - Administratively Prohibited message reveals that a router or packet-filtering device is actively blocking the scanned traffic via an access control policy.

AThat a circuit level proxy has been installed and is filtering traffic

A circuit-level proxy operates at the session layer and handles or silently drops connections rather than generating ICMP administratively prohibited messages.

BThat his/her scans are being blocked by a honeypot or jail

Honeypots and jails are designed to simulate open services and engage attackers, not to emit ICMP administrative prohibition responses.

CThat the packets are being malformed by the scanning software

Malformed packets from scanning software would cause parsing or checksum errors at the destination, not trigger an ICMP administratively prohibited response from a network device.

DThat a router or other packet-filtering device is blocking trafficCorrect

ICMP Type 3 Code 13 is generated specifically by routers and stateless packet-filtering devices when an ACL or firewall ruleset drops a packet due to an administrative policy, as defined in RFC 1812. Unlike a silent drop, this response leaks the presence of a filtering device to the attacker. It distinguishes policy-based blocking from routing failures, giving the attacker actionable reconnaissance data.

EThat the network is functioning normally

An administratively prohibited ICMP message is a deliberate security-policy block indicator, not evidence of normal, unfiltered network operation.

Concept tested: ICMP administratively prohibited as router or firewall indicator

Source: https://www.rfc-editor.org/rfc/rfc1812

Topics

#ICMP#destination unreachable#packet filtering#firewall detection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice