Computer Hacking Forensic Investigator (CHFI v10) — Question 108

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

Answer options

• A. Firewalk cannot pass through Cisco firewalls
• B. Firewalk sets all packets with a TTL of zero
• C. Firewalk cannot be detected by network sniffers
• D. Firewalk sets all packets with a TTL of one

Correct answer: D

Explanation

The correct answer is D because Firewalk sets the Time To Live (TTL) of packets to one, which means they will not traverse beyond the first router, preventing them from reaching the sniffer on the deeper subnet. Option A is incorrect because Firewalk can pass through Cisco firewalls under certain conditions. Option B is wrong as TTL of zero would not allow packets to move at all, and option C is inaccurate because Firewalk can be detected, but its packets may not reach the sniffer due to TTL settings.