312-50V12 Question #151: Real Exam Question with Answer & Explanation

Question

Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company. While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?

Options

• ATCP/IP Hijacking
• BRST Hijacking
• CUDP Hijacking
• DMan-in-the-middle Attack Using Forged ICMP and ARP Spoofing

Explanation

The described attack, where an attacker inserts their machine between a client and server to reroute packets transparently using forged ICMP and ARP spoofing, is characteristic of a Man-in-the-middle (MITM) attack.

Common mistakes.

• A. TCP/IP Hijacking is a broader category that often refers to taking over an existing TCP session, rather than the described transparent insertion of a machine to reroute all traffic from the outset using ARP and ICMP manipulation.
• B. RST Hijacking specifically involves sending a forged TCP RST (reset) packet to abruptly terminate an established connection, which does not fit the description of transparently rerouting ongoing communications.
• C. UDP Hijacking is less common and refers to intercepting or injecting UDP packets; however, UDP is connectionless, and the described method of transparently inserting a machine and rerouting via forged ICMP and ARP is more indicative of a MITM attack against TCP/IP communication.

Concept tested. Man-in-the-middle (MITM) attack techniques

Reference. https://www.cisco.com/c/en/us/products/security/what-is-man-in-the-middle-attack.html

No community discussion yet for this question.