350-701 · Question #73
How is ICMP used an exfiltration technique?
The correct answer is C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a. ICMP exfiltration involves using the ICMP protocol, typically the data portion of an echo-request or echo-reply packet, to encapsulate and transfer data or execute command and control instructions. Attackers embed sensitive information or commands within the ICMP payload, which i
Question
How is ICMP used an exfiltration technique?
Exhibit
Options
- Aby flooding the destination host with unreachable packets
- Bby sending large numbers of ICMP packets with a targeted hosts source IP address using an IP
- Cby encrypting the payload in an ICMP packet to carry out command and control tasks on a
- Dby overwhelming a targeted host with ICMP echo-request packets
How the community answered
(29 responses)- A3% (1)
- B10% (3)
- C66% (19)
- D21% (6)
Why each option
ICMP exfiltration involves using the ICMP protocol, typically the data portion of an echo-request or echo-reply packet, to encapsulate and transfer data or execute command and control instructions. Attackers embed sensitive information or commands within the ICMP payload, which is often permitted through firewalls, making it an effective covert communication channel.
Flooding a destination host with unreachable packets is typically associated with Denial of Service (DoS) attacks, not data exfiltration.
Sending large numbers of ICMP packets with a targeted host's source IP address is a form of spoofing or DoS, not a method for data exfiltration.
ICMP exfiltration leverages the ICMP protocol to tunnel data, where attackers embed encrypted data or command and control instructions within the payload of ICMP packets, such as echo requests or replies. This technique is effective because ICMP traffic is often allowed through network perimeters, providing a covert channel for data transfer or remote control.
Overwhelming a targeted host with ICMP echo-request packets (ping flood) is a classic Denial of Service (DoS) attack, not a method for data exfiltration.
Concept tested: ICMP exfiltration techniques
Source: https://www.cisco.com/c/en/us/about/security-center/network-security/icmp-tunneling.html
Topics
Community Discussion
No community discussion yet for this question.
