312-50V13 Question #494: Real Exam Question with Answer & Explanation

Question

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Options

• ATCP/IP hijacking
• BUDP hijacking
• CRST hijacking
• DBlind hijacking

Explanation

RST Hijacking Explained

Why C is Correct: RST hijacking involves an attacker injecting a forged TCP Reset (RST) packet with a spoofed source IP address and a predicted/guessed acknowledgment number, which tricks the victim's system into believing the legitimate server has terminated the connection - forcibly resetting the session.

Why the Others Are Wrong:

• A (TCP/IP hijacking) is a broader technique where the attacker actively takes over an existing session by injecting data packets, not specifically terminating it with a reset packet.
• B (UDP hijacking) targets UDP (connectionless) sessions, which don't use TCP's handshake or RST mechanisms - making it irrelevant to this scenario.
• D (Blind hijacking) occurs when an attacker injects data into a TCP stream without seeing the responses, focusing on session manipulation rather than using a forged RST packet to terminate a connection.

Memory Tip: Think of RST = "Reset/Ruin Session Technique" - whenever you see a forged RST packet + spoofed IP + guessed ACK number = RST hijacking. The key giveaway in the question is the word "reset", which directly maps to the RST flag in TCP.

No community discussion yet for this question.