nerdexam
EC-Council

312-50V13 · Question #302

Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP addr

The correct answer is C. TCP/IP hacking. TCP/IP Hijacking Explained Option C is correct because Samuel performed a TCP/IP hijacking (session hijacking) attack - he intercepted an established TCP session, predicted the Initial Sequence Number (ISN), spoofed Bob's IP address to inject malicious packets, and successfully t

Submitted by tarun92· Mar 6, 2026Session Hijacking

Question

Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

Options

  • AUDP hijacking
  • BBlind hijacking
  • CTCP/IP hacking
  • DForbidden attack

How the community answered

(33 responses)
  • A
    12% (4)
  • B
    6% (2)
  • C
    79% (26)
  • D
    3% (1)

Explanation

TCP/IP Hijacking Explained

Option C is correct because Samuel performed a TCP/IP hijacking (session hijacking) attack - he intercepted an established TCP session, predicted the Initial Sequence Number (ISN), spoofed Bob's IP address to inject malicious packets, and successfully took over the communication session between Bob and the host machine, which are the defining characteristics of TCP/IP hijacking.

Why the distractors are wrong:

  • A (UDP hijacking): UDP is a connectionless protocol with no ISN or sequence numbers; the scenario explicitly involves ISN prediction, which is a TCP mechanism
  • B (Blind hijacking): In blind hijacking, the attacker cannot see the responses from the target - Samuel was actively monitoring and intercepting traffic, meaning he had full visibility of the session
  • D (Forbidden attack): This is not a recognized standard attack type in ethical hacking/CEH terminology and is simply a distractor

Memory Tip: Think "TCP = Sequence Numbers" - whenever an exam scenario mentions predicting or manipulating ISNs (Initial Sequence Numbers) to take over a session, it's always TCP/IP hijacking. The ISN is your keyword trigger!

Topics

#Session Hijacking#TCP/IP Spoofing#ISN Prediction#TCP Attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice