
GSEC Question #268: Real Exam Question with Answer & Explanation

The correct answer is A. MAC Flooding. MAC Flooding overwhelms a switch's CAM table, causing the switch to broadcast all frames to every port and allowing the attacker to intercept and redirect segment traffic as if acting as the default gateway.

Question

If an attacker compromised a host on a site's internal network and wanted to trick other machines into using that host as the default gateway, which type of attack would he use?

Options

  • A. MAC Flooding
  • B. CDP Manipulation
  • C. Telnet Attack
  • D. DHCP Spoofing
  • E. VLAN Hopping

Explanation

MAC Flooding overwhelms a switch's CAM table, causing the switch to broadcast all frames to every port and allowing the attacker to intercept and redirect segment traffic as if acting as the default gateway.

Common mistakes.

  • B. CDP Manipulation exploits the Cisco Discovery Protocol to harvest topology information or cause device misconfigurations but does not redirect segment traffic through an attacker's host.
  • C. A Telnet Attack targets a device's management plane to gain administrative access over an unencrypted session; it does not alter network-layer path selection or default gateway assignments on other hosts.
  • D. DHCP Spoofing uses a rogue DHCP server to respond to client lease requests with an attacker-controlled default gateway address, which is a distinct and more direct technique than MAC Flooding for gateway redirection.
  • E. VLAN Hopping uses double-tagging or switch-spoofing frames to send traffic across VLAN boundaries but does not manipulate the default gateway configuration used by hosts within a segment.

Concept tested. MAC flooding: CAM table overflow enabling traffic interception.

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html
