How can you achieve this?

Posted by: Pdfprep Category: CEH-001 Tags: , ,

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network.

How can you achieve this?
A . Block ICMP at the firewall.
B . Block UDP at the firewall.
C . Both A and
E . There is no way to completely block doing a trace route into this area.

Answer: D

Explanation:

When you run a traceroute to a target network address, you send a UDP packet with one time to live (TTL) to the target address. The first router this packet hits decreases the TTL to 0 and rejects the packet. Now the TTL for the packet is expired. The router sends back an ICMP message type 11 (Exceeded) code 0 (TTL–Exceeded) packet to your system with a source address. Your system displays the round-trip time for that first hop and sends out the next UDP packet with a TTL of 2.

This process continues until you receive an ICMP message type 3 (Unreachable) code 3 (Port–Unreachable) from the destination system. Traceroute is completed when your machine receives a Port-Unreachable message.

If you receive a message with three asterisks [* * *] during the traceroute, a router in the path doesn’t return ICMP messages. Traceroute will continue to send UDP packets until the destination is reached or the maximum number of hops is exceeded.

Leave a Reply

Your email address will not be published.