GAQM Exam CPEH-001 Topic 4 Question 14 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 14
Topic #: 4

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

AEric network has been penetrated by a firewall breach

BThe attacker is using the ICMP protocol to have a covert channel

CEric has a Wingate package providing FTP redirection on his network

DSomebody is using SOCKS on the network to communicate through the firewall

Show Suggested Answer

Suggested Answer: D

Port Description:

SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to.mil domain hosts.

by Pete at May 07, 2022, 01:16 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!