Mark works as a contractor for the Department of Defense and is in charge of network security. He has spent the last month securing access to his network from all possible entry points. He has segmented his network into several subnets and has installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Mark is fairly confident of his perimeter defenses, but is still worried about programs like Hping2 that can get into a network through covert channels.
How should mark protect his network from an attacker using Hping2 to scan his internal network?
A.
Block ICMP type 13 messages
B.
Block all outgoing traffic on port 53
C.
Use stateful inspection on the firewalls
D.
Block all incoming traffic on port 53
Explanation:
An ICMP type 13 message is an ICMP timestamp request and waits for an ICMP timestamp reply. The remote node is right to do, still it would not be necessary as it is optional and thus many ip stacks ignore such packets. Nevertheless, nmap again achived to make its packets unique by setting the originating timestamp field in the packet to 0.
this does not answer anything..moreover hping2 can forge tcp packet..