PrepAway - Latest Free Exam Questions & Answers

This is only 16 bits which isn’t much but it concerns y…

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for
later review. Every Friday when major deposits are made you’re seeing a series of bits placed in the “Urgent
Pointer” field of a TCP packet. This is only 16 bits which isn’t much but it concerns you because:

PrepAway - Latest Free Exam Questions & Answers

A.
This could be a sign of covert channeling in bank network communications and should be investigated.

B.
It could be a sign of a damaged network cable causing the issue.

C.
It could be a symptom of malfunctioning network card or drivers and the source system should be checked
for the problem.

D.
It is normal traffic because sometimes the previous fields 16 bit checksum value can over run into the
urgent pointer’s 16 bit field causing the condition.

Explanation:
Some Intrusion Detection System (IDS) evasion techniques involve deliberately violating the TCP or IP
protocols in a way the target computer will handle differently from the IDS. For example, the TCP Urgent
Pointer is handled differently on different operating systems and may not be handled correctly by the IDS.
Incorrect Answers:
B: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a
damaged network cable.
C: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a
damaged network card, or by a corrupt driver.
D: The TCP Urgent pointer field does not contain checksums.

https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques


Leave a Reply