GAQM Exam CPEH-001 Topic 4 Question 103 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 103
Topic #: 4

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Suggested Answer: B

Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map 'open' or 'pass through' ports on a gateway. Moreover, it can determine whether packets with various control information can pass through a given gateway.
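
The inference in suggested answer B can be checked on captured traffic: ordinary ping implementations increment the sequence number with each request, so one identical ID/Seq pair arriving from many unrelated sources points to values written by a tool. The following is an added example, not part of the original page; the function names, the `min_sources` threshold and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import struct
from collections import defaultdict

ICMP_ECHO_REQUEST = 8  # ICMP type 8, code 0


def parse_echo(icmp_bytes):
    """Return (identifier, sequence) of an ICMP echo request, else None."""
    if len(icmp_bytes) < 8:
        return None  # truncated ICMP header
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp_bytes[:8])
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return None  # replies and other ICMP types are not counted
    return ident, seq


def shared_id_seq(packets, min_sources=3):
    """packets: iterable of (src_ip, icmp_bytes).
    Return {(ident, seq): (packet_count, distinct_sources)} for every pair
    seen from at least min_sources different source addresses."""
    sources = defaultdict(set)
    counts = defaultdict(int)
    for src, raw in packets:
        key = parse_echo(raw)
        if key is None:
            continue
        sources[key].add(src)
        counts[key] += 1
    return {k: (counts[k], len(s)) for k, s in sources.items()
            if len(s) >= min_sources}


def _echo(ident, seq, icmp_type=ICMP_ECHO_REQUEST):
    # Builds a constructed test packet; the checksum is left at 0 and not validated.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"constructed"


# Constructed sample: the ID/Seq values come from the question, the rest is invented.
SAMPLE = (
    [(f"198.51.100.{i}", _echo(39612, 57072)) for i in range(1, 6)]
    + [(f"203.0.113.{i}", _echo(0, 0)) for i in range(1, 4)]
    + [("192.0.2.10", _echo(4321, s)) for s in range(1, 4)]  # normal ping: Seq increments
    + [("192.0.2.11", _echo(39612, 57072, icmp_type=0))]     # echo reply, ignored
    + [("192.0.2.12", b"\x08\x00")]                          # truncated, ignored
)

if __name__ == "__main__":
    for (ident, seq), (n, srcs) in sorted(shared_id_seq(SAMPLE).items()):
        print(f"ID:{ident} Seq:{seq} -> {n} packets from {srcs} sources")
```
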


Contribute your Thoughts:

Almeta
21 days ago
Option C seems reasonable, but I'm not sure if all 77 packets necessarily came from the same LAN. Could be a coordinated attack from multiple segments.
upvoted 0 times
...
Tijuana
26 days ago
Haha, I bet the person who wrote this question is a real ICMP_ECHO fanatic. Gotta love those packet IDs and sequences!
upvoted 0 times
Judy
8 days ago
B) ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
upvoted 0 times
...
Kip
18 days ago
A) The packets were sent by a worm spoofing the IP addresses of 47 infected sites
upvoted 0 times
...
...
Colby
1 month ago
I'm leaning towards A. 47 different sites sending spoofed packets sounds like a worm to me.
upvoted 0 times
Bernardine
2 days ago
D) 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0
upvoted 0 times
...
Cristen
22 days ago
B) ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
upvoted 0 times
...
Bobbye
26 days ago
A) The packets were sent by a worm spoofing the IP addresses of 47 infected sites
upvoted 0 times
...
...
Nilsa
1 month ago
I'm going with D. The packets with ICMP ID 0 and Seq 0 are probably from behind a NAT, which makes sense for an external network.
upvoted 0 times
Rolland
10 hours ago
I'm leaning towards C. All 77 packets having the same ID and Seq could mean they came from the same LAN segment.
upvoted 0 times
...
Jamal
1 day ago
D makes sense to me too. The packets with ID 0 and Seq 0 are likely from behind a NAT.
upvoted 0 times
...
Alysa
27 days ago
I agree with A. It's possible that the packets were sent by a worm spoofing IP addresses.
upvoted 0 times
...
Terrilyn
1 month ago
I think B is more likely. The ID and Seq numbers seem to be set by a tool, not the OS.
upvoted 0 times
...
...
Louvenia
2 months ago
Hmm, I think the answer is B. The ICMP ID and Seq numbers seem too precise to be set by an operating system. This is likely the work of a tool.
upvoted 0 times
Jovita
12 days ago
User2: Definitely, it's more likely that a tool set those numbers rather than the operating system.
upvoted 0 times
...
Lilli
1 month ago
User1: I agree, the precision of the ICMP ID and Seq numbers does seem suspicious.
upvoted 0 times
...
...
Edwin
2 months ago
I agree with option D, as the 13 packets with ICMP ID 0 and Seq 0 were probably from an external network behind a NAT.
upvoted 0 times
...
Thora
2 months ago
I believe the ICMP ID and Seq numbers were most likely set by a tool and not by the operating system.
upvoted 0 times
...
Jacinta
2 months ago
I think the packets were sent by a worm spoofing the IP addresses of infected sites.
upvoted 0 times
...