PrepAway - Latest Free Exam Questions & Answers

What attacks can you successfully launch against a server using the above technique?

After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which must then be acknowledged (ACK) by the client. This sequence number is predictable; the attacker first connects to a service with their own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attacker doesn’t see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, the attacker can use the one-sided communication to break into the server.

What attacks can you successfully launch against a server using the above technique?


A. Session Hijacking attacks

B. Denial of Service attacks

C. Web Page defacement attacks

D. IP Spoofing Attacks

Explanation:
The term Session Hijacking refers to the exploitation of a valid computer session – sometimes also called a session key – to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.

