Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s
office with various connected cables from the office. Which of the following describes the type of attack
that was occurring?
A.
Spear phishing
B.
Packet sniffing
C.
Impersonation
D.
MAC flooding
Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network
data communications sent between devices on a network. Capturing packets sent from a computer
system is known as packet sniffing. However, packet sniffing requires a physical connection to the
network. The switch hidden in the ceiling is used to provide the physical connection to the network.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from
Microsoft and Wireshark (formerly Ethereal).
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to
a local area network that is not filtered or switched, the traffic can be broadcast to all computers
contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore
all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is
shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic.
The NIC is put into promiscuous mode, and it reads communications between computers within a
particular segment. This allows the sniffer to seize everything that is flowing in the network, which can
lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware
or software solution. A sniffer is also known as a packet analyzer.Incorrect Answers:
A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data. As with the e-mail messages used in regular phishing
expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually
appear to come from a large and well-known company or Web site with a broad membership base, such
as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be
an individual within the recipient’s own company and generally someone in a position of authority. The
attack described in this question is not an example of spear phishing.
C: Impersonation is where a person, computer, software application or service pretends to be someone
it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can
also be used as a security threat. However, the attack described in this question is not an example of
impersonation.
D: In computer networking, MAC flooding is a technique employed to compromise the security of
network switches. Switches maintain a MAC Table that maps individual MAC addresses on the network to
the physical ports on the switch. This allows the switch to direct data out of the physical port where the
recipient is located, as opposed to indiscriminately broadcasting the data out of all ports as a hub does.
The advantage of this method is that data is bridged exclusively to the network segment containing the
computer that the data is specifically destined for.
In a typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source
MAC addresses, by the attacker. The intention is to consume the limited memory set aside in the switch
to store the MAC address table. The attack described in this question is not an example of MAC flooding.http://en.wikipedia.org/wiki/Packet_analyzer
http://en.wikipedia.org/wiki/MAC_flooding