312-50V13 · Question #565
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of fi
The correct answer is C. Application. When IRC traffic over port 80/TCP is blocked while HTTP traffic over the same port is unimpeded, it indicates that an application firewall is inspecting the traffic at the application layer to identify and filter non-HTTP protocols.
Question
Options
- ACircuit
- BStateful
- CApplication
- DPacket Filtering
How the community answered
(43 responses)- A5% (2)
- B9% (4)
- C72% (31)
- D14% (6)
Why each option
When IRC traffic over port 80/TCP is blocked while HTTP traffic over the same port is unimpeded, it indicates that an application firewall is inspecting the traffic at the application layer to identify and filter non-HTTP protocols.
A circuit-level gateway operates at the session layer and typically establishes a connection between hosts without inspecting the application-layer content.
A stateful firewall tracks the state of active connections but generally does not inspect the content of application-layer protocols to differentiate between, for example, HTTP and IRC on the same port.
An application firewall, also known as an Application Layer Gateway (ALG), inspects traffic at the application layer, allowing it to differentiate between legitimate HTTP traffic and other protocols (like IRC) attempting to use port 80, and then apply specific filtering rules.
A packet filtering firewall operates at the network and transport layers, primarily inspecting IP addresses, ports, and protocols, and would not typically distinguish between different application-layer protocols running on the same port.
Concept tested: Application layer firewall functionality
Source: https://learn.microsoft.com/en-us/windows/win32/winsock/application-layer-gateways
Topics
Community Discussion
No community discussion yet for this question.