312-50V11 · Question #337
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets
The correct answer is B. MAC Flood. In a switched network, a MAC Flood attack overflows the switch's CAM table, causing it to broadcast all frames out every port and enabling packet sniffing.
Question
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?
Options
- AFraggle
- BMAC Flood
- CSmurf
- DTear Drop
How the community answered
(43 responses)- A7% (3)
- B88% (38)
- C2% (1)
- D2% (1)
Why each option
In a switched network, a MAC Flood attack overflows the switch's CAM table, causing it to broadcast all frames out every port and enabling packet sniffing.
A Fraggle attack is a UDP-based amplification DDoS attack that floods a victim with UDP echo replies, and does not enable packet sniffing on a switched network.
A MAC Flood attack sends massive numbers of spoofed MAC addresses to fill the switch's Content Addressable Memory (CAM) table. Once the CAM table is full, the switch can no longer make forwarding decisions and begins flooding all frames out every port - a fail-open behavior. This allows the attacker to capture traffic intended for other hosts on the switched network.
A Smurf attack is an ICMP-based amplification DDoS attack that floods a victim by directing ICMP echo replies to it via broadcast spoofing, and does not enable packet sniffing.
A Tear Drop attack exploits IP fragmentation by sending malformed overlapping packet fragments to crash the target system, and does not enable packet sniffing.
Concept tested: MAC Flood attack enabling sniffing on switched networks
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html
Topics
Community Discussion
No community discussion yet for this question.