Which of the following is an effective method of detecting a covert communication tunnel such as ptunnel?
Which of the following is an effective method of detecting a covert communication tunnel such as ptunnel?
Detecting covert communication tunnels like ptunnel often requires monitoring for unusual or uncommon ICMP packet characteristics. Ptunnel, specifically, uses ICMP packets to encapsulate data, and these packets typically have uncommon payloads or behavior that can be flagged for further investigation. Therefore, detecting ICMP packets with uncommon payloads is an effective method to identify such covert channels.
I think D is better option. Question focuses on DETECTION, not prevention. While both C and D can help in detecting ICMP covert channel (ptunnel), I think that D is more comprehensive choose because it states to DETECT, which is asked in the question. A and B are not related to ptunnel covert channel (in mine opinion)