Notifications
Clear all
Topic starter
25/06/2022 7:48 pm
An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization’s network and identify active hosts.
An analyst sees the following output from a packet capture:
Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?
- A . flags=RA indicates the testing team is using a Christmas tree attack
- B . ttl=64 indicates the testing team is setting the time to live below the firewall’s threshold
- C . 0 data bytes indicates the testing team is crafting empty ICMP packets
- D . NO FLAGS are set indicates the testing team is using hping
Suggested Answer: D