GCIH · Question #519
What payload data would be difficult for an IDS/IPS signatures to analyze?
The correct answer is B. SSH. Port 22 (SSH) will typically bypass most IDS/IPS because of the encryption factor. While port 21 (FTP) and port 23 (telnet) could be used as normal traffic, these protocols send all their data in the clear. Port 80 (http) has a higher likelihood of blending in with network traffi
Question
What payload data would be difficult for an IDS/IPS signatures to analyze?
Options
- ATelnet
- BSSH
- CFTP
- DHTTP
How the community answered
(66 responses)- A2% (1)
- B95% (63)
- D3% (2)
Explanation
Port 22 (SSH) will typically bypass most IDS/IPS because of the encryption factor. While port 21 (FTP) and port 23 (telnet) could be used as normal traffic, these protocols send all their data in the clear. Port 80 (http) has a higher likelihood of blending in with network traffic, however HTTP traffic is transferred in the clear which has a high likelihood of being detected by and IDS/IPS
Topics
Community Discussion
No community discussion yet for this question.