What is used for stealth communication?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

What is used for stealth communication?

Explanation:
Stealth communication relies on covert channels that blend with normal network activity so data can move without easily attracting attention. DNS tunneling is especially effective because DNS traffic is almost always allowed through networks, and data can be hidden in domain names or DNS records sent to an attacker-controlled server, so the exchange looks like ordinary lookups. ICMP tunneling also exists: because ICMP traffic is commonly permitted, payloads can be carried inside echo requests and replies. TLS, SSH, or FTP tunnels can also conceal traffic, but they tend to be more detectable because of their recognizable protocol behavior and the security controls applied to them, which makes DNS/ICMP tunneling the more commonly used stealth channel.
