nerdexam
EC-Council

312-50V9 · Question #264

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the p

The correct answer is A. Firewalking. Firewalking is the technique of using TTL-manipulated packets to probe a firewall and determine which ports and protocols are permitted through its packet-filtering rules.

Evading IDS, Firewalls, and Honeypots

Question

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall.

Options

  • AFirewalking
  • BSession hijacking
  • CNetwork sniffing
  • DMan-in-the-middle attack

How the community answered

(23 responses)
  • A
    87% (20)
  • B
    4% (1)
  • C
    9% (2)

Why each option

Firewalking is the technique of using TTL-manipulated packets to probe a firewall and determine which ports and protocols are permitted through its packet-filtering rules.

AFirewalkingCorrect

Firewalking crafts packets with an IP TTL value set to expire exactly one hop beyond the firewall gateway, causing the firewall to forward permitted packets while silently dropping or returning ICMP errors for blocked ones. This allows an attacker to systematically map which ports and protocols can traverse the packet filter without having direct access to hosts behind it.

BSession hijacking

Session hijacking targets an already-established authenticated session between two hosts and does not probe firewall filtering rules.

CNetwork sniffing

Network sniffing passively captures traffic passing a network interface and does not involve sending crafted packets to test firewall access controls.

DMan-in-the-middle attack

A man-in-the-middle attack positions the attacker between two communicating parties to intercept or modify traffic, not to enumerate firewall port permissions.

Concept tested: Firewalking for firewall rule enumeration

Source: https://owasp.org/www-project-testing/

Topics

#firewalking#packet filtering#firewall bypass#port scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice