191k views
4 votes
Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server ( ) behind the firewall:

From her own workstation ( ) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:

0.872299 -> TCP 62 49188 > 22 [SYN] Seq=0 ...
...
...

Connectivity to the server from outside the firewall worked as expected prior to executing these commands.

Which of the following can be said about the new firewall?

A. It is correctly dropping all packets destined for the server.
B. It is not blocking or filtering any traffic to the server.
C. Iptables needs to be restarted.
D. The IDS functionality of the firewall is currently disabled.

User Omnidan
by
8.1k points

1 Answer

0 votes

Final answer:

The firewall is not performing its intended role of blocking or filtering traffic, as indicated by an external station successfully sending a SYN packet to the server behind the firewall.

Step-by-step explanation:

The firewall is not blocking or filtering any traffic to the server. The evidence provided shows a packet with the SYN flag set, indicating an attempt to initiate a TCP connection, proceeding from an external workstation to the server on TCP port 22, which is typical for the SSH protocol. The SYN packet is part of the three-way handshake used to establish a TCP connection. In this case, since the SYN packet is present but there is no corresponding SYN-ACK packet from the server, it indicates that the server is not responding to the SYN packet. This suggests that the new firewall is dropping or blocking the incoming SYN packets, preventing the establishment of TCP connections.

The described behavior implies that all packets, including those meant for the server, are passing through the firewall. Without seeing the specific commands Ann ran, we can't determine the need to restart iptables or the state of the IDS functionality. However, the provided information suggests that the firewall is not currently fulfilling its intended role of filtering traffic.

User Imderek
by
7.0k points
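How the TCP flags in a scan capture of this kind map to what the scanner can conclude about each port, as an added example that is not part of the original question or answer. The capture lines, the addresses (documentation ranges) and the function name `classify_scan` are constructed for illustration; the line layout assumes a tshark-style summary like the one quoted in the question.

```python
import re

# Constructed tshark-style summary lines; addresses are documentation ranges,
# not values from the page.
SAMPLE_CAPTURE = """\
0.000000 198.51.100.7 -> 192.0.2.10 TCP 62 49188 > 22 [SYN] Seq=0 Win=1024 Len=0
0.000410 192.0.2.10 -> 198.51.100.7 TCP 62 22 > 49188 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
0.000530 198.51.100.7 -> 192.0.2.10 TCP 62 49188 > 80 [SYN] Seq=0 Win=1024 Len=0
0.000900 192.0.2.10 -> 198.51.100.7 TCP 54 80 > 49188 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
0.001200 198.51.100.7 -> 192.0.2.10 TCP 62 49188 > 443 [SYN] Seq=0 Win=1024 Len=0
1.101200 198.51.100.7 -> 192.0.2.10 TCP 62 49188 > 443 [SYN] Seq=0 Win=1024 Len=0
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+TCP\s+\d+\s+"
    r"(?P<sport>\d+)\s+>\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)

def classify_scan(capture: str, scanner: str, target: str) -> dict:
    """Map each probed port to open / closed / filtered from the scanner's view."""
    state = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated line, missing addresses, or non-TCP traffic
        flags = {f.strip() for f in m["flags"].split(",")}
        if m["src"] == scanner and m["dst"] == target and flags == {"SYN"}:
            # Probe seen; stays "filtered" unless a reply shows up.
            # A retransmitted SYN does not overwrite an earlier verdict.
            state.setdefault(int(m["dport"]), "filtered")
        elif m["src"] == target and m["dst"] == scanner:
            port = int(m["sport"])
            if {"SYN", "ACK"} <= flags:
                state[port] = "open"    # handshake answered: traffic got through
            elif "RST" in flags:
                # Refused by the host, or by a firewall rule that rejects
                # with a TCP reset instead of silently dropping.
                state[port] = "closed"
    return state

if __name__ == "__main__":
    for port, verdict in sorted(classify_scan(SAMPLE_CAPTURE, "198.51.100.7", "192.0.2.10").items()):
        print(port, verdict)
```

A verdict of "filtered" only means no reply appeared in the capture; where the capture was taken (outside or behind the firewall) decides whether that points at the firewall or at the host.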