nerdexam
EC-Council

312-50V11 · Question #154

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the p

The correct answer is B. Firewalking. Firewalking uses IP TTL manipulation to probe which ports a firewall permits, allowing an attacker to map access control rules without directly reaching the internal host.

Evading IDS, Firewalls, and Honeypots

Question

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall.

Options

  • ASession hijacking
  • BFirewalking
  • CMan-in-the middle attack
  • DNetwork sniffing

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    86% (25)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Firewalking uses IP TTL manipulation to probe which ports a firewall permits, allowing an attacker to map access control rules without directly reaching the internal host.

ASession hijacking

Session hijacking is an attack that takes over an already-established authenticated session between two hosts and has nothing to do with probing firewall filtering rules.

BFirewalkingCorrect

Firewalking crafts packets with a TTL set to expire exactly one hop beyond the target firewall gateway. If the firewall's ruleset permits the packet on a given port, it forwards it and a TTL-exceeded ICMP message returns from the next-hop router, confirming the port is open through the filter. If the firewall blocks the port, the packet is dropped silently, producing no response, and this difference in behavior allows an attacker to enumerate permitted ports without ever establishing a connection to the destination host.

CMan-in-the middle attack

A man-in-the-middle attack positions an adversary between two communicating parties to intercept or modify traffic, and does not involve actively probing which ports a firewall allows.

DNetwork sniffing

Network sniffing passively captures traffic already traversing a network segment and cannot generate probes to determine which ports are permitted through a firewall.

Concept tested: Firewalking technique for firewall ACL enumeration

Topics

#firewalking#firewall analysis#packet filtering#ACL discovery

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice