GCIH Question #151: Real Exam Question with Answer & Explanation
The correct answer is A. Despoof. Despoof is a Linux utility that monitors incoming packets and generates alerts when it detects source IP addresses that appear to be forged or spoofed.
Incident Response & Cyber Kill Chain
Question
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. Your company is facing an IP spoofing attack. Which of the following tools will you use to get an alert saying that an upcoming IP packet is being spoofed?
Options
- A. Despoof
- B. Dsniff
- C. Ethereal
- D. Neotrace
Explanation
Despoof is a Linux utility that monitors incoming packets and generates alerts when it detects source IP addresses that appear to be forged or spoofed.
Common mistakes
- B. Dsniff is a suite of network auditing and password-sniffing tools designed to capture credentials from network traffic, and it does not provide alerting functionality for detecting spoofed IP addresses.
- C. Ethereal (the predecessor to Wireshark) is a passive packet capture and protocol analysis tool that displays raw traffic details but does not generate automated alerts for IP address spoofing detection.
- D. Neotrace is a visual traceroute utility that maps the network path between two hosts, and it has no capability to monitor for or alert on IP spoofing activity.
Concept tested: IP spoofing detection tools on Linux
Topics
- IP spoofing detection
- Despoof
- Network monitoring
- Linux security