312-50V11 · Question #692
Which type of sniffing technique is generally referred as MiTM attack?
The correct answer is B. ARP Poisoning. ARP Poisoning is the sniffing technique most commonly referred to as a Man-in-the-Middle (MiTM) attack because it actively redirects traffic between hosts through the attacker's machine.
Question
Which type of sniffing technique is generally referred as MiTM attack?
Exhibit
Options
- APassword Sniffing
- BARP Poisoning
- CMac Flooding
- DDHCP Sniffing
How the community answered
(49 responses)- A4% (2)
- B88% (43)
- C2% (1)
- D6% (3)
Why each option
ARP Poisoning is the sniffing technique most commonly referred to as a Man-in-the-Middle (MiTM) attack because it actively redirects traffic between hosts through the attacker's machine.
Password Sniffing is a passive technique for capturing credential data from network traffic and does not involve actively positioning an attacker between communicating hosts.
ARP Poisoning works by sending crafted, unsolicited ARP reply frames that associate the attacker's MAC address with a legitimate host's IP address, causing other devices on the LAN to update their ARP caches with the false mapping. This redirects traffic destined for the legitimate host to the attacker instead, placing the attacker inline between the communicating parties and enabling interception, modification, or relay of the traffic - the defining behavior of a MiTM attack.
MAC Flooding overwhelms a switch's CAM table to force broadcast behavior, which is a prerequisite or enabler for sniffing but is not itself classified as a MiTM technique.
DHCP Sniffing or DHCP spoofing can assist in MiTM scenarios by providing a rogue default gateway, but it is not the technique most directly and commonly identified as MiTM.
Concept tested: ARP poisoning as Man-in-the-Middle attack vector
Source: https://www.ciscopress.com/articles/article.asp?p=1681033
Topics
Community Discussion
No community discussion yet for this question.
