Certified Ethical Hacker (CEH v11) — Question 43
If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?
Answer options
- A. It is a non-stateful firewall.
- B. There is no firewall in place.
- C. It is a stateful firewall.
- D. This event does not tell you anything about the firewall.
Correct answer: C
Explanation
The correct answer is C. A stateful firewall keeps track of the state of active connections, so an ACK that matches no tracked connection is typically dropped, and no RST comes back for the closed port. Option A is incorrect because a non-stateful firewall would respond with an RST. Option B is not valid because the lack of an RST does not confirm the absence of a firewall. Option D is incorrect because the response behavior indicates that the firewall is stateful.