An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system.

What is the most probable reason?

A.
The firewall is blocking port 23 to that system.

B.
He cannot spoof his IP and successfully use TCP.

C.
He needs to use an automated tool to telnet in.

D.
He is attacking an operating system that does not reply to telnet even when open.

Explanation:
Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the "real" location of the IP address that you are showing as the connection initiator.