312-50V9 · Question #550
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively inte
The correct answer is B. Man-in-the-middle. Eric uses Dsniff to silently relay and intercept communications between two endpoints who are unaware of his presence, which is the textbook definition of a man-in-the-middle attack.
Question
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?
Options
- AInterceptor
- BMan-in-the-middle
- CARP Proxy
- DPoisoning Attack
How the community answered
(37 responses)- A3% (1)
- B89% (33)
- C3% (1)
- D5% (2)
Why each option
Eric uses Dsniff to silently relay and intercept communications between two endpoints who are unaware of his presence, which is the textbook definition of a man-in-the-middle attack.
Interceptor is not a recognized standard attack classification in networking or security frameworks.
A man-in-the-middle attack occurs when an attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. Eric uses Dsniff to establish independent credentials with both sides, enabling him to read, potentially alter, and forward all traffic without detection by either remote endpoint.
ARP Proxy is a network technique that can be leveraged to facilitate a MITM attack, but it describes a mechanism - not the resulting attack category.
Poisoning attack such as ARP poisoning refers to the method used to redirect traffic toward the attacker, not the overarching attack that results from that redirection.
Concept tested: Man-in-the-middle attack using Dsniff toolset
Source: https://owasp.org/www-community/attacks/Man-in-the-middle_attack
Topics
Community Discussion
No community discussion yet for this question.