Heroes of Packet Analysis Quiz
7: Which packet number(s) indicate a poorly configured firewall? (Only one answer is correct)
This is a Capture file I use in classes to teach firewall analytics and construct multiple Wireshark color rules. We have a Nessus Scanner (192.168.1.141) performing an OS Fingerprint scan on the target Laptop (192.168.1.123). The laptop has a software firewall running in
A. None – the Firewall is correctly configured.
B. Only 1-8, 10, 13-14 – the ICMP should not be there.
C. Only 12, 16, 18, 20, 22, 24 – the Firewall should never respond with RST, ACK to prevent port mapping.
D. Only 2, 4, 6, 10, 14 – the Firewall should not respond to the ICMP.
E. All of these 2, 4, 6, 10, 12, 14, 16,18, 20, 22, 24 – a Firewall should not respond to ICMP or TCP Port Scans.
F. All of the packets show the Firewall is not correctly configured.
G. None of these answers is correct.
The correct answer was…
E. All of these 2, 4, 6, 10, 12, 14, 16,18, 20, 22, 24 – A Firewall should not respond to ICMP or TCP Port Scans.
The contest is closed, so we won’t be taking into account any more answers.
Who asked the question:
Chief Instructor and Forensics Investigator at Merlion’s Keep Consulting
Phill is an Innovative IT and Security Professional with over 31 years of practical experience in diverse networking and technological areas. He is an expert in Security and Forensics Analysis/Threat Recognition, Remediation/Systems Integration, Implementation/Network, Protocol Analysis, Optimization/Project Management
Join the conversation
Find us on one of the following social platforms to get a sneak peek into the network monitoring world.
Be Part of the Team
We are always on the lookout for passionate people, who are open to change and innovation.
Check the Careers Page