You perform a network scan using ICMP Echo Requests and observe that certain IP addresses do not return Echo Replies, while other network services remain functional. How should this situation be interpreted?
A.
The scanned IPs are unused and available for expansion
B.
The lack of replies indicates a major breach
C.
A firewall or security control is blocking ICMP Echo Requests
According to CEH v13 Network Scanning and Enumeration, ICMP Echo Requests (ping) are commonly filtered by firewalls and intrusion prevention systems to reduce network reconnaissance exposure. When ICMP Echo Replies are not returned but other services remain operational, the most likely explanation is ICMP filtering rather than host unavailability or compromise.
CEH v13 explicitly states that many organizations configure firewalls to block ICMP Echo Requests while allowing other ICMP types or higher-layer protocols. This practice helps prevent attackers from easily mapping live hosts during the reconnaissance phase.
The other options are incorrect because:
Unused IPs would not necessarily have active services.
A breach would typically present additional symptoms.
Network congestion would affect multiple protocols, not just ICMP.
Thus, blocked ICMP is the correct interpretation.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit