GIAC Certified Incident Handler (GCIH) — Question 78
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?
Answer options
- A. Block all outgoing traffic on port 21
- B. Block all outgoing traffic on port 53
- C. Block ICMP type 13 messages
- D. Block ICMP type 3 messages
Correct answer: C
Explanation
Blocking ICMP type 13 messages, which are used for timestamp requests, can help prevent certain types of network scanning conducted by tools like Hping2. This is effective because it restricts the ability of attackers to gather information about the network's time settings, which can be used to infer the presence of hosts. By contrast, blocking outgoing traffic on port 21 or port 53, or blocking ICMP type 3 messages, does not directly mitigate the threat posed by Hping2 for internal network scanning.