ECCouncil 312-50 Exam Dumps

 Rebecca should make a recommendation to upgrade the Linux kernel promptly

 Cygwin is a free Unix subsystem that runs on top of Windows

Explanation: Cygwin is a Linux-like environment for Windows. It consists of two parts:
A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux
API functionality.
A collection of tools which provide Linux look and feel.
The Cygwin DLL works with all non-beta, non "release candidate", ix86 32 bit versions of
Windows since Windows 95, with the exception of Windows CE.

Loadable Kernel Modules are a mechanism for adding functionality to an operatingsystem
kernel without requiring a kernel recompilation.

Explanation: Loadable Kernel Modules, or LKM, are object files that contain code to
extend the running kernel, or so-called base kernel, without the need of a kernel
recompilation. Operating systems other than Linux, such as BSD systems, also provide
support for LKM's. However, the Linux kernel generally makes far greater and more
versatile use of LKM's than other systems. LKM's are typically used to add support for new
hardware, filesystems or for adding system calls. When the functionality provided by an
LKM is no longer required, it can be unloaded, freeing memory.

Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous
information being displayed on the console.

Explanation: The normal way to hide these rogue programs running on systems is the use
crafted commands like ifconfig and ls.

 To deny the Telnet connection

Explanation:

-t, --table
This option specifies the packet matching table which the command should operate on. If
the kernel is configured with automatic module loading, an attempt will be made to load the
appropriate module for that table if it is not already there.
The tables are as follows: filter This is the default table, and contains the built-in chains
INPUT (for packets coming into the box itself), FORWARD (for packets being routed
through the box), and OUTPUT (for locally-generated packets). nat This table is consulted
when a packet which is creates a new connection is encountered. It consists of three builtins:
PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering
locally-generated packets before routing), and POSTROUTING (for altering packets as
they are about to go out). mangle This table is used for specialized packet alteration. It has
two built-in chains: PREROUTING (for altering incoming packets before routing) and
OUTPUT (for altering locally-generated packets before routing).
-A, --append
Append one or more rules to the end of the selected chain. When the source and/or
destination names resolve to more than one address, a rule will be added for each possible
address combination.
-p, --protocol [!] protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp,
udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a
different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before
the protocol inverts the test. The number zero is equivalent to all. Protocol all will match
with all protocols and is taken as default when this option is omitted. All may not be used in combination with the check command.
--destination-port [!] [port[:port]]
Destination port or port range specification. The flag --dport is an alias for this option.
-j, --jump target
This specifies the target of the rule; ie. what to do if the packet matches it. The target can
be a user-defined chain (not the one this rule is in), one of the special builtin targets which
decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If
this option is omitted in a rule, then matching the rule will have no effect on the packet's
fate, but the counters on the rule will be incremented.