ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 173 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 173
Topic #: 1
[All 312-50v11 Questions]

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server.
What is the technique employed by John to bypass the firewall?

  • A. DNSSEC zone walking
  • B. DNS cache snooping
  • C. DNS enumeration
  • D. DNS tunneling method
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by americaman80 at April 15, 2021, 4:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
armangua
Highly Voted 1 year, 8 months ago
Bypassing Firewalls through the DNS Tunneling Method DNS operates using UDP, and it has a 255-byte limit on outbound queries. Moreover, it allows only alphanumeric characters and hyphens. Such small size constraints on external queries allow DNS to be used as an ideal choice to perform data exfiltration by various malicious entities. Since corrupt or malicious data can be secretly embedded into the DNS protocol packets, even DNSSEC cannot detect the abnormality in DNS tunneling. It is effectively used by malware to bypass the firewall to maintain communication between the victim machine and the C&C server. Tools such as NSTX (https://sourceforge.net), Heyoka (http://heyoka.sourceforge.netuse), and Iodine (https://code.kryo.se) use this technique of tunneling traffic across DNS port 53. CEH v11 Module 12 Page 994
upvoted 13 times
dinonino
9 months ago
To distinguish fro zone walking: Domain Name System Security Extensions (DNSSEC) zone walking is a type of DNS enumeration technique in which an attacker attempts to obtain internal records if the DNS zone is not properly configured. The enumerated zone information can assist the attacker in building a host network map. Organizations use DNSSEC to add security features to the DNS data and provide protection against known threats to the DNS. This security feature uses digital signatures based on public-key cryptography to strengthen authentication in DNS. These digital signatures are stored in the DNS name servers along with common records such as MX, A, AAAA, and CNAME. While
upvoted 3 times
...
...
Daniel8660
Most Recent 8 months ago
Selected Answer: D
Firewall Evasion Techniques - Bypassing Firewalls through the DNS Tunneling Method Such small size constraints on external queries allow DNS to be used as an ideal choice to perform data exfiltration by various malicious entities.Since corrupt or malicious data can be secretly embedded into the DNS protocol packets, even DNSSEC cannot detect the abnormality in DNS tunneling. It is effectively used by malware to bypass the firewall to maintain communication between the victim machine and the C&C server. (P.1586/1570)
upvoted 3 times
...
Khedya007
10 months, 3 weeks ago
CEH v11 Module 12 Page 1570
upvoted 3 times
...
ANDRESCB1988
1 year, 11 months ago
correct
upvoted 1 times
...
americaman80
2 years, 2 months ago
Correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel