GCIH · Question #556
Which of the following devices would return information about internal targets during an ACK scan?
The correct answer is A. A firewall that does not monitor the connection state of an inbound packet. An ACK scan is particularly useful in getting through simple router-based firewalls. If a router allows established connections in (and is not using any stateful inspection), an attacker can use ACK scans to send packets into the network. A border device (firewall, advanced route
Question
Which of the following devices would return information about internal targets during an ACK scan?
Options
- AA firewall that does not monitor the connection state of an inbound packet
- BA web-proxy that allows only outbound connections over tcp/8080
- CAn IDS connected to a mirror port of the border router
- DA border device that drops inbound connections that use a flag other than SYN
How the community answered
(47 responses)- A68% (32)
- B6% (3)
- C17% (8)
- D9% (4)
Explanation
An ACK scan is particularly useful in getting through simple router-based firewalls. If a router allows established connections in (and is not using any stateful inspection), an attacker can use ACK scans to send packets into the network. A border device (firewall, advanced router, etc.) that requires state for inbound connections will be definition drop inbound packets with the ACK flag, negating the effectiveness of an ACK scan. A web-proxy that only allows outbound connections will ignore an ACK scan. An IDS connected to a mirror port does not have an IP address to target with an ACK scan nor is there anything behind the IDS to map.
Topics
Community Discussion
No community discussion yet for this question.