Certified Ethical Hacker (CEH v12) — Question 314

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

Answer options

• A. Port 80
• B. Port 23
• C. Port 50
• D. Port 53

Correct answer: D

Explanation

The correct answer is D, Port 53, as DNS traffic typically operates over this port, making it a suitable choice for DNS tunneling. Ports 80 and 23 are associated with HTTP and Telnet traffic respectively, which are not relevant for DNS tunneling. Port 50 is not standard for any common protocols and would not facilitate DNS communications.