How can you achieve this?

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

A.
There is no way to completely block tracerouting into this area

B.
Block ICMP at the firewall

C.
Block TCP at the firewall

D.
Block UDP at the firewall

Explanation:
If you create rules that prevent attackers from performing traceroutes into your DMZ, you will also prevent anyone from accessing the DMZ from outside the company network, and in that case what you have is not a DMZ.



elprospero

I don't understand why?

elprospero

Can you explain to me please? I plan to take the CEHV7 exam in 2 weeks!

eddie guerrero

TCP TRACEROUTE! I think what the answer is saying is that traceroute manipulates TTL in a packet, so you can block ICMP/traceroute, but you forget that you can use HPING to TCP TRACEROUTE and manipulate TTL too, against open ports on your DMZ servers. If you block connections to ports, then there is no service to share on a DMZ. So you can't technically really stop this.

So if Google has port 80 open, to allow http://www.google.com to run for all of us, but has blocked traceroute and ICMP responses, you can still use HPING to probe on open port 80, using TCP TRACEROUTES. Give it a try!

example: hping --traceroute www.google.com --syn -p 80
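
A defender's view of the TCP traceroute described in the comment above, added here as an example and not part of the original post or its comments: the probes are ordinary SYNs to an allowed port, so one way to notice them is by their unusually low TTL on arrival, stepping upward from one source. The record layout, the threshold of 5 and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of inbound packets as a perimeter sensor might log them:
# (time_s, src, dst, dport, tcp_flags, ttl_on_arrival). Documentation addresses.
SAMPLE = [
    (0.00, "198.51.100.7", "203.0.113.10", 80, "S", 1),
    (0.05, "198.51.100.7", "203.0.113.10", 80, "S", 2),
    (0.10, "198.51.100.7", "203.0.113.10", 80, "S", 3),
    (0.20, "192.0.2.44", "203.0.113.10", 80, "S", 52),   # normal client
    (0.21, "192.0.2.44", "203.0.113.10", 80, "A", 52),
    (0.30, "192.0.2.99", "203.0.113.10", 80, "S", 2),    # lone low-TTL packet
]

LOW_TTL = 5     # assumed: real clients arrive with far more TTL left than this
MIN_STEPS = 3   # assumed: consecutive TTL values needed to call it a sweep


def longest_run(values):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 0
    prev = None
    for v in values:
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best


def find_ttl_sweeps(packets, low_ttl=LOW_TTL, min_steps=MIN_STEPS):
    """Return {(src, dst, dport): [ttls]} for sources whose SYNs to one port
    arrive with at least min_steps consecutive low TTL values."""
    seen = defaultdict(set)
    for _ts, src, dst, dport, flags, ttl in sorted(packets):
        if flags == "S" and ttl <= low_ttl:
            seen[(src, dst, dport)].add(ttl)
    sweeps = {}
    for key, ttls in seen.items():
        ordered = sorted(ttls)
        if longest_run(ordered) >= min_steps:
            sweeps[key] = ordered
    return sweeps


if __name__ == "__main__":
    for (src, dst, dport), ttls in find_ttl_sweeps(SAMPLE).items():
        print(f"possible TCP traceroute: {src} -> {dst}:{dport} TTLs {ttls}")
```
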

networkmanagers

I agree with the answer. A

Jolie Stonebarger

I really like and appreciate your article. Much thanks again. Will read on…

Edward Nantz

I think this is a real great blog article. Really thank you!