To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent
to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet)
with a source IP address of the access control device is received, then it means which of the
following type of firewall is in place?
A.
Circuit level gateway
B.
Stateful multilayer inspection firewall
C.
Packet filter
D.
Application level gateway
“C” ECSAv8 pg. 421
C Packet Filter Firewall
According to ECSAv8 (Module 12, Page 21), the correct answer is C.
Explanation:
The following sentence seem redundant and misleading.
“To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall.”
It has nothing to do with the main idea of this question.
The question should be like this:
“If you send an ICMP packet to one pc located in certain network and receive a Type 13, Code 0 ICMP message, then it means which of the following type of firewall is in place?”
In IPv4 packet header, there is a field called “protocol.”
Protocol: Tells the Network layer at the destination host, to which Protocol this packet belongs to, i.e. the next level Protocol. For example protocol number of ICMP is 1, TCP is 6 and UDP is 17.
Therefore, a “packet filter firewall” can inspect this field to determine if some packets are ICMP packets or not. If one of the firewall policies is to block all ICMP requests, anyone who tries to send an ICMP request will get a Type 13, Code 0 ICMP return message.