350-701 Question #73: Real Exam Question with Answer & Explanation
The correct answer is C: by encrypting the payload in an ICMP packet to carry out command and control tasks on a.
Question
How is ICMP used as an exfiltration technique?
Options
- A. by flooding the destination host with unreachable packets
- B. by sending large numbers of ICMP packets with a targeted host's source IP address using an IP
- C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a
- D. by overwhelming a targeted host with ICMP echo-request packets
Explanation
ICMP exfiltration involves using the ICMP protocol, typically the data portion of an echo-request or echo-reply packet, to encapsulate and transfer data or execute command and control instructions. Attackers embed sensitive information or commands within the ICMP payload, which is often permitted through firewalls, making it an effective covert communication channel.
Common mistakes.
- A. Flooding a destination host with unreachable packets is typically associated with Denial of Service (DoS) attacks, not data exfiltration.
- B. Sending large numbers of ICMP packets with a targeted host's source IP address is a form of spoofing or DoS, not a method for data exfiltration.
- D. Overwhelming a targeted host with ICMP echo-request packets (ping flood) is a classic Denial of Service (DoS) attack, not a method for data exfiltration.
Concept tested. ICMP exfiltration techniques
Reference. https://www.cisco.com/c/en/us/about/security-center/network-security/icmp-tunneling.html