Which Trojan hides its data by masquerading as ICMP_ECHO traffic and tunnels data within ICMP packets?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which Trojan hides its data by masquerading as ICMP_ECHO traffic and tunnels data within ICMP packets?

Explanation:
This question tests a covert-channel idea: hiding data inside a normal-looking protocol to slip past defenses. Some Trojans are designed to use ICMP as a communication pathway, sending and receiving commands or exfiltrated data by masquerading as ICMP_ECHO (ping) traffic. They put the actual data payload into ICMP packets, effectively tunneling information within the ICMP protocol. Because ICMP is often allowed through firewalls and has no ports to flag like TCP/UDP, this technique can blend in with ordinary ping requests and replies.

The reason this is the best fit is that the description explicitly mentions masquerading as ICMP_ECHO traffic and tunneling data within ICMP packets. That points to a Trojan family that leverages ICMP for its C2 channel, i.e., ICMP Trojans. The other options describe different malware families or delivery/exploitation methods that don't rely on ICMP tunneling, so they don't match the described technique.

For context, in practice you'd look for unusual ICMP traffic patterns (unexpected payload sizes, high-frequency ICMP without normal ping behavior, or data-length anomalies in echo requests/replies), and you'd implement defenses such as strict ICMP filtering, anomaly detection, or DPI to inspect ICMP payloads for covert data.

