In what kind of system would you find a rule like 'alert tcp any any -> 192.168.100.0/24 21'?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

In what kind of system would you find a rule like 'alert tcp any any -> 192.168.100.0/24 21'?

Explanation:
This is about how a signature-based intrusion detection system uses rules to detect and alert on traffic patterns. The syntax is that of a Snort (or Suricata) rule header, which has a fixed shape: action, protocol, source address, source port, direction operator, destination address, destination port. The rule starts with the alert action, which tells the IDS to generate an alert (and log the matching packet) when a match occurs, without interfering with the traffic. The pattern specifies TCP traffic from any source address and any source port to a destination within the 192.168.100.0/24 subnet on port 21, which is the FTP control port; the -> operator means only traffic flowing in that direction matches, not the server's replies. A deployable rule would follow this header with an options section in parentheses (msg, sid, rev and any content matches), which the question omits. Flagging matching traffic for an analyst to review, rather than blocking it, is exactly how an IDS voices potential issues or policy violations.

A firewall, by contrast, centers on allowing or blocking traffic: its rules permit or deny connections (and may log them) rather than carrying an alert action with signature options in this syntax. An IPS built on the same engine can use drop or reject actions in the same format, but a rule whose action is alert is a detection rule. A DNS server handles domain name resolution and wouldn't use this kind of FTP-focused traffic alert rule. A load balancer distributes or redirects traffic across servers and doesn't generate signature-based alerts in this manner.

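The header fields described above can be parsed and matched mechanically. The following Python is an added example, not code from the page or from Snort/Suricata: it parses the question's rule (completed with an assumed msg/sid/rev option section, since a deployable rule needs one) into its seven header fields, then evaluates it against a few constructed connection 5-tuples to show which ones would raise the alert. The packet tuples, the msg text and sid 1000001 are assumptions chosen for illustration. It goes slightly beyond the question's rule by handling the any keyword, CIDR lists, ! negation, port ranges and the bidirectional <> operator, but it is a header matcher only, not a payload-inspection engine.

```python
"""Parse a Snort/Suricata-style rule header and test it against 5-tuples."""
import ipaddress

# Actions accepted in a Snort 2 rule header; 'alert' is the IDS action.
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}

# The rule from the question, completed with an option section.  The msg text
# and sid 1000001 are assumptions for this example, not part of the original.
RULE = ('alert tcp any any -> 192.168.100.0/24 21 '
        '(msg:"FTP control channel to server subnet"; sid:1000001; rev:1;)')


def parse_rule(text):
    """Split a rule into its seven header fields plus an options dict."""
    header, _, options = text.partition("(")
    parts = header.split()
    if len(parts) != 7:
        raise ValueError("header must be: action proto src sport dir dst dport")
    action, proto, src, sport, direction, dst, dport = parts
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if direction not in ("->", "<>"):
        raise ValueError(f"bad direction operator {direction!r}")
    opts = {}
    # Simplified option parsing: 'key:value;' pairs, no escaped ';' in strings.
    for item in options.rstrip().rstrip(")").split(";"):
        item = item.strip()
        if item:
            key, _, val = item.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport, "options": opts}


def addr_matches(spec, ip):
    """'any', a CIDR, or a [list,of,cidrs], optionally negated with '!'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    nets = spec.lstrip("!").strip("[]").split(",")
    hit = any(ipaddress.ip_address(ip) in ipaddress.ip_network(n.strip(), strict=False)
              for n in nets)
    return hit != negate


def port_matches(spec, port):
    """'any', a single port, or a lo:hi range, optionally negated with '!'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return hit != negate


def rule_matches(rule, pkt):
    """True when the 5-tuple pkt satisfies the rule header."""
    if rule["proto"] != "ip" and pkt["proto"] != rule["proto"]:
        return False

    def one_way(s, sp, d, dp):
        return (addr_matches(s, pkt["src"]) and port_matches(sp, pkt["sport"])
                and addr_matches(d, pkt["dst"]) and port_matches(dp, pkt["dport"]))

    forward = one_way(rule["src"], rule["sport"], rule["dst"], rule["dport"])
    if rule["direction"] == "<>":  # bidirectional: either orientation matches
        return forward or one_way(rule["dst"], rule["dport"], rule["src"], rule["sport"])
    return forward


def evaluate(rule_text, packets):
    """Return, per packet, (action, msg, sid) on a match or None."""
    rule = parse_rule(rule_text)
    out = []
    for pkt in packets:
        if rule_matches(rule, pkt):
            out.append((rule["action"], rule["options"].get("msg"), rule["options"].get("sid")))
        else:
            out.append(None)
    return out


# Constructed sample flows (assumed addresses), one per case worth checking.
PACKETS = [
    {"proto": "tcp", "src": "10.1.1.50", "sport": 51234, "dst": "192.168.100.7", "dport": 21},   # FTP to subnet
    {"proto": "tcp", "src": "10.1.1.50", "sport": 51235, "dst": "192.168.100.7", "dport": 22},   # SSH instead
    {"proto": "tcp", "src": "192.168.100.7", "sport": 21, "dst": "10.1.1.50", "dport": 51234},   # server reply
    {"proto": "tcp", "src": "10.1.1.50", "sport": 51236, "dst": "192.168.101.7", "dport": 21},   # wrong subnet
    {"proto": "udp", "src": "10.1.1.50", "sport": 51237, "dst": "192.168.100.7", "dport": 21},   # wrong proto
]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, evaluate(RULE, PACKETS)):
        print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}/{pkt['proto']}: {verdict}")
```

Only the first flow fires the alert: the server's reply on the same connection does not, because -> is one-directional, which is why operators who want both sides of a session in the alert use <> or rely on the engine's flow tracking instead of a second rule.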
