Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which technique involves blocking traffic from a "bogon list" composed of unused or reserved IP addresses?

  1. RFC 3704 filtering

  2. IPSec tunneling

  3. DNSSEC validation

  4. Port scanning

The correct answer is: RFC 3704 filtering

The technique of blocking traffic from a "bogon list," which consists of unused or reserved IP addresses, is known as RFC 3704 filtering. This approach is based on the standards defined in RFC 3704, which advises network operators to filter out packets that originate from bogon IP addresses. These addresses are typically not allocated to any organization and should never appear on the public Internet.

By implementing RFC 3704 filtering, organizations can enhance their security posture by reducing the risk of malicious traffic and ensuring that their networks are not inadvertently interacting with potentially harmful sources. This technique is crucial in preventing various types of attacks, such as IP spoofing, where an attacker tries to impersonate a legitimate source by using a reserved or unused IP address. Thus, by filtering these bogus addresses, network security is significantly improved.

In contrast, the other techniques mentioned—IPSec tunneling, DNSSEC validation, and port scanning—serve different purposes. IPSec tunneling is used to secure IP communications by encrypting data packets, while DNSSEC validation helps ensure the integrity and authenticity of domain name system responses. Port scanning is a technique used to identify open ports on a device but does not relate to blocking unwanted traffic based on IP address legitimacy.