312-50V11 · Question #549
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of
The correct answer is C. Stateless. When an ACK scan returns 'unfiltered,' it means the firewall passed the ACK packet without tracking connection state, which is characteristic of stateless packet inspection.
Question
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?
Options
- AHost
- BStateful
- CStateless
- DApplication
How the community answered
(19 responses)- A5% (1)
- C84% (16)
- D11% (2)
Why each option
When an ACK scan returns 'unfiltered,' it means the firewall passed the ACK packet without tracking connection state, which is characteristic of stateless packet inspection.
Host-based inspection refers to security controls running on the endpoint itself, not a firewall packet inspection methodology.
A stateful firewall maintains a connection state table and would drop an unsolicited ACK packet - no matching SYN/SYN-ACK - causing NMAP to report the port as 'filtered,' not 'unfiltered.'
A stateless (packet filter) firewall evaluates each packet independently against static rules without maintaining a connection state table. When NMAP sends an ACK packet with no prior SYN, a stateless firewall has no record of an established connection to check against and may permit the packet based solely on port rules, causing NMAP to report the port as 'unfiltered.' A stateful firewall would recognize the ACK as belonging to no known session and drop it, reporting the port as 'filtered.'
Application-level inspection performs deep packet inspection of payload content at layer 7 and would similarly be able to identify and block illegitimate ACK packets.
Concept tested: NMAP ACK scan revealing stateless firewall behavior
Source: https://nmap.org/book/scan-methods-ack-scan.html
Topics
Community Discussion
No community discussion yet for this question.