EC-Council

312-50V11 Question #508: Real Exam Question with Answer & Explanation

The correct answer is B: Install Cryptcat and encrypt outgoing packets from this server. Cryptcat adds Twofish encryption to Netcat traffic, rendering the payload opaque to signature-based IDS systems that rely on inspecting cleartext packet content.

Question

What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?

Options

  • A. Install and use Telnet to encrypt all outgoing traffic from this server.
  • B. Install Cryptcat and encrypt outgoing packets from this server.
  • C. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion
  • D. Use Alternate Data Streams to hide the outgoing packets from this server.

Explanation

Cryptcat adds Twofish encryption to Netcat traffic, rendering the payload opaque to signature-based IDS systems that rely on inspecting cleartext packet content.

Common mistakes.

  • A. Telnet transmits all data in cleartext with no encryption, which makes traffic more visible to an IDS rather than less detectable.
  • C. Using HTTP does not encrypt or obfuscate packet payloads and an internal IDS can still inspect HTTP traffic content for malicious signatures.
  • D. Alternate Data Streams is an NTFS file system feature used to hide data within files on disk and has no effect on network packet visibility or IDS detection.

Concept tested. Encrypted tunneling to evade network-based IDS
