On a compromised web-enabled host with outbound HTTP traffic unimpeded, what happens to IRC traffic?

Multiple Choice

On a compromised web-enabled host with outbound HTTP traffic unimpeded, what happens to IRC traffic?

Explanation:
When a host is compromised and tries to use IRC for command-and-control, security devices that monitor outbound traffic can still see and identify that IRC activity even if HTTP is allowed. Application-layer inspection and IDS/IPS rules can recognize IRC patterns and raise an alert. If there isn’t an explicit rule to block IRC, the traffic is allowed to pass despite the alert. So you get visibility from the alert, but the IRC traffic continues to flow. Only with a specific block or strict egress controls would that traffic be stopped or rate-limited.