GCIH Question #396: Real Exam Question with Answer & Explanation

The correct answer is C: On their own host, directed to the default gateway. For the attacker to intercept the traffic using ARP cache poisoning, they should setup IP forwarding on their own (attacker) host and direct traffic to the default gateway. Then the attacker sends a gratuitous ARP to the victim, falsely telling the victim that their MAC address i

Question

An attacker wants to intercept their target's network traffic using ARP cache poisoning. How should the attacker setup IP forwarding?

Options

AOn the victim host, directed to the attacker host
BOn whichever network host that is the next hop from the victim, directed to the default gateway
COn their own host, directed to the default gateway
DOn the default gateway, directed to the attacker host

Explanation

For the attacker to intercept the traffic using ARP cache poisoning, they should setup IP forwarding on their own (attacker) host and direct traffic to the default gateway. Then the attacker sends a gratuitous ARP to the victim, falsely telling the victim that their MAC address is the one that is mapped to the IP address of the default gateway. The victim then sends the traffic to the attacker and the attacker forwards this on to the router; allowing the attacker to intercept the traffic while maintaining the appearance of innocence as the victim's traffic is being sent to the router and beyond (therefore the victim's traffic is not being hindered).

Community Discussion

No community discussion yet for this question.

Full GCIH Practice