nerdexam
GIAC

GCIH · Question #519

What payload data would be difficult for an IDS/IPS signatures to analyze?

The correct answer is B. SSH. Port 22 (SSH) will typically bypass most IDS/IPS because of the encryption factor. While port 21 (FTP) and port 23 (telnet) could be used as normal traffic, these protocols send all their data in the clear. Port 80 (http) has a higher likelihood of blending in with network traffi

Malware Analysis & Advanced Persistent Threats

Question

What payload data would be difficult for an IDS/IPS signatures to analyze?

Options

  • ATelnet
  • BSSH
  • CFTP
  • DHTTP

How the community answered

(66 responses)
  • A
    2% (1)
  • B
    95% (63)
  • D
    3% (2)

Explanation

Port 22 (SSH) will typically bypass most IDS/IPS because of the encryption factor. While port 21 (FTP) and port 23 (telnet) could be used as normal traffic, these protocols send all their data in the clear. Port 80 (http) has a higher likelihood of blending in with network traffic, however HTTP traffic is transferred in the clear which has a high likelihood of being detected by and IDS/IPS

Topics

#encrypted traffic#SSH#IDS evasion#signature analysis limitations

Community Discussion

No community discussion yet for this question.

Full GCIH Practice