nerdexam
EC-Council

312-50V11 · Question #314

Which of the following is a client-server tool utilized to evade firewall inspection?

The correct answer is A. tcp-over-dns. tcp-over-dns tunnels TCP traffic inside DNS queries and responses, allowing data to bypass firewalls that permit DNS traffic.

Evading IDS, Firewalls, and Honeypots

Question

Which of the following is a client-server tool utilized to evade firewall inspection?

Options

  • Atcp-over-dns
  • Bkismet
  • Cnikto
  • Dhping

How the community answered

(45 responses)
  • A
    93% (42)
  • C
    2% (1)
  • D
    4% (2)

Why each option

tcp-over-dns tunnels TCP traffic inside DNS queries and responses, allowing data to bypass firewalls that permit DNS traffic.

Atcp-over-dnsCorrect

tcp-over-dns is a client-server tunneling tool that encapsulates TCP payloads within DNS protocol packets, exploiting the fact that most firewalls and perimeter devices allow outbound DNS (UDP/TCP port 53). Because the traffic appears as legitimate DNS communication, deep-packet firewall inspection is evaded. A DNS server component decapsulates and forwards the traffic on the attacker-controlled side.

Bkismet

Kismet is a wireless network detector and packet sniffer, not a tool for tunneling traffic through firewalls.

Cnikto

Nikto is a web server vulnerability scanner, not a firewall evasion or tunneling tool.

Dhping

hping is a packet crafting and port scanning utility; while it can manipulate packets, it is not a client-server DNS tunneling tool designed specifically for firewall evasion.

Concept tested: DNS tunneling for firewall evasion

Source: https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152

Topics

#tcp-over-dns#firewall evasion#tunneling#covert channel

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice