You are part of the security staff at a highly profitable bank, and each day all traffic on the network is logged for later review. Every Friday, when major deposits are made, you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet.
This is only 16 bits, which isn't much, but it concerns you because:
A. This could be a sign of covert channeling in bank network communications and should be investigated.
B. It could be a sign of a damaged network cable causing the issue.
C. It could be a symptom of a malfunctioning network card or drivers, and the source system should be checked for the problem.
D. It is normal traffic because sometimes the previous field's 16-bit checksum value can overrun into the urgent pointer's 16-bit field, causing the condition.
Answer: A
Explanation:
The Urgent Pointer is used when some information has to reach the server as soon as possible. When the TCP/IP stack at the other end sees a packet with the Urgent Pointer set, it is duty bound to stop all ongoing activities and send this packet up the stack for immediate processing. Since the packet is plucked out of the processing queue and acted upon immediately, it is known as an Out Of Band (OOB) packet and the data is called Out Of Band (OOB) data.
The Urgent Pointer is usually used in Telnet, where an immediate response (e.g. the echoing of characters) is desirable.
Covert channels are not directly synonymous with backdoors. A covert channel is simply using a communication protocol in a way it was not intended to be used, or sending data without going through the proper access control mechanisms or channels. For example, in a Mandatory Access Control system, a user at Secret has found a way to communicate information to a user at Confidential without going through the normal channels.
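A check a reviewer could run over the logged traffic in this scenario, as an added example that is not part of the original page: it parses the fixed 20-byte TCP header and flags segments whose Urgent Pointer is nonzero while the URG flag is clear (RFC 793 only interprets the field when URG is set), and marks URG segments for review. The function names and the sample headers are constructed for illustration.

```python
import struct

URG = 0x20  # URG control bit in the TCP flags

def build_tcp_header(sport, dport, flags, urg_ptr, seq=1, ack=0, window=8192):
    """Build a 20-byte TCP header (checksum left at 0) for constructed samples."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, urg_ptr)

def inspect_urgent(header):
    """Return (verdict, urgent_pointer) for one raw TCP header."""
    if len(header) < 20:
        return ("truncated", None)
    fields = struct.unpack("!HHIIHHHH", header[:20])
    off_flags, urg_ptr = fields[4], fields[7]
    urg_set = bool(off_flags & URG)
    if urg_ptr and not urg_set:
        # Receivers ignore the field here, so any value in it is unexplained.
        return ("suspicious: pointer set, URG clear", urg_ptr)
    if urg_set:
        # Legitimate for Telnet-style urgent data; unusual for most services.
        return ("review: urgent data in use", urg_ptr)
    return ("ok", urg_ptr)

def flag_headers(headers):
    """Return [(index, verdict, urgent_pointer)] for every header that is not ok."""
    findings = []
    for i, h in enumerate(headers):
        verdict, ptr = inspect_urgent(h)
        if verdict != "ok":
            findings.append((i, verdict, ptr))
    return findings

# Constructed sample headers (not real traffic).
SAMPLES = [
    build_tcp_header(40000, 443, 0x18, 0),       # PSH+ACK, pointer zero
    build_tcp_header(40001, 443, 0x18, 0x4142),  # URG clear, pointer nonzero
    build_tcp_header(40002, 23, 0x38, 1),        # URG+PSH+ACK, Telnet port
    b"\x00" * 10,                                # truncated capture record
]

if __name__ == "__main__":
    for finding in flag_headers(SAMPLES):
        print(finding)
```
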
In this case the Urgent bit could be used for a few reasons: