You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?
A.
There is no way to completely block tracerouting into this area
B.
Block ICMP at the firewall
C.
Block TCP at the firewall
D.
Block UDP at the firewall
Explanation:
If you create rules that prevents attackers to perform traceroutes to your DMZ then you’ll also prevent anyone from accessing the DMZ from outside the company network and in that case it is not a DMZ you have.
i dont understand why?
can you explain to me please? i plan to take the CEHV7 exam in 2 weeks!
TCP TRACEROUTE! I think what answer is saying is a that traceroute manipulates TTL in a packet, so you can block ICMP/Traceroute but you forget that you can use HPING to TCP TRACEROUTE and manipulate TTL too, against open ports to your DMZ servers. If you block connections to ports, then there is no service to share on a DMZ. So you can’t technically really stop this.
So if google has port 80 open, to allow http://www.google.com to run for all of us, but blocked traceroute and icmp responses, you can still use HPING to probe on open port 80, using TCP TRACEROUTES. Give it a try!
example: hping –traceroute http://www.google.com –syn –p 80
I agree with the answer. A
Lovely blog! I am loving it!! Will come back again. I am taking your feeds also
http://www.bastcilkdoptb.com/
Me gusta lo que veo tan estoy subsecuente adherirse a usted. Mira adelante a explorar net página página web todavía sin embargo de nuevo una vez más.
http://www.opinionesdating.com/meetic-opiniones/
Below youll uncover the link to some web-sites that we think you’ll want to visit.
I really like and appreciate your article.Much thanks again. Will read on…
I think this is a real great blog article.Really thank you!