An attacker is tunneling TLS encrypted traffic within ICMP echo and reply packets. How will most network appliances see this?
An attacker is tunneling TLS encrypted traffic within ICMP echo and reply packets. How will most network appliances see this?
When tunneling TLS encrypted traffic within ICMP echo and reply packets, most network appliances will see this as ping traffic. ICMP packets, such as echo request and echo reply, are used for the 'ping' function, and the traffic will appear to be ICMP rather than revealing the underlying covert TCP or TLS.
Isn't C correct?
it's a covert tcp traffic BUT network appliances will see this as a ping traffic.