nerdexam
EC-Council

312-50V11 · Question #337

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets

The correct answer is B. MAC Flood. In a switched network, a MAC Flood attack overflows the switch's CAM table, causing it to broadcast all frames out every port and enabling packet sniffing.

Sniffing

Question

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

Options

  • AFraggle
  • BMAC Flood
  • CSmurf
  • DTear Drop

How the community answered

(43 responses)
  • A
    7% (3)
  • B
    88% (38)
  • C
    2% (1)
  • D
    2% (1)

Why each option

In a switched network, a MAC Flood attack overflows the switch's CAM table, causing it to broadcast all frames out every port and enabling packet sniffing.

AFraggle

A Fraggle attack is a UDP-based amplification DDoS attack that floods a victim with UDP echo replies, and does not enable packet sniffing on a switched network.

BMAC FloodCorrect

A MAC Flood attack sends massive numbers of spoofed MAC addresses to fill the switch's Content Addressable Memory (CAM) table. Once the CAM table is full, the switch can no longer make forwarding decisions and begins flooding all frames out every port - a fail-open behavior. This allows the attacker to capture traffic intended for other hosts on the switched network.

CSmurf

A Smurf attack is an ICMP-based amplification DDoS attack that floods a victim by directing ICMP echo replies to it via broadcast spoofing, and does not enable packet sniffing.

DTear Drop

A Tear Drop attack exploits IP fragmentation by sending malformed overlapping packet fragments to crash the target system, and does not enable packet sniffing.

Concept tested: MAC Flood attack enabling sniffing on switched networks

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html

Topics

#MAC flooding#switched network sniffing#CAM table overflow#ARP spoofing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice