Certified Ethical Hacker (CEH v11) — Question 251
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded
Answer options
- A. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
- B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
- C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
- D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
Correct answer: C
Explanation
Option C is correct because the Time-to-live exceeded reply for port 23 shows that the probe was not blocked: it passed through the filtering device and expired at a hop beyond it, which sent back the TTL error. Options A and D are incorrect because they misinterpret the absence of responses from ports 21 and 22, which does not confirm whether the services are inactive or whether the firewall is blocking them. Option B incorrectly states that a connection was made on port 23, which is not the case, since the output shows a TTL exceeded error.