Free EC-Council 312-50V13 CEH V13 Actual Exam Questions - Question 2 Discussion
method in order to exfiltrate dat
a. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin
run the NSTX tool?
Definitely not B, C, or D since DNS traffic normally uses Port 53.
A. DNS tunneling is all about using the DNS protocol, which runs on Port 53, to sneak data through. NSTX specifically targets this standard port to blend in with normal DNS traffic, making it harder to detect. Ports like 23 (Telnet), 50 (ESP for IPsec), or 80 (HTTP) are unrelated to DNS, so they wouldn't work for this kind of tunneling. So aside from the obvious port choice, it makes sense that NSTX sticks with Port 53 to avoid raising alarms and to get past firewalls that typically allow DNS queries without much scrutiny.
Since DNS traffic uses Port 53, it makes sense that NSTX, which exploits DNS tunneling, also runs on Port 53. Ports like 23 (Telnet) and 80 (HTTP) are unrelated to DNS, so they wouldn’t be suitable here. Port 50 is for IPSec, which doesn’t fit this scenario either. So yeah, A is the only logical choice.
It’s A, Port 53 is for DNS traffic.