Which of the following attacks involves the use of previously captured network traffic?
A. Replay
B. Smurf
C. Vishing
D. DDoS
Explanation:
Replay attacks are becoming quite common. They occur when information is captured over a network. A
replay attack is a kind of access or modification attack. In a distributed environment, logon and password
information is sent between the client and the authentication system. The attacker can capture the
information and replay it later. This can also occur with security certificates from systems such as
Kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system and
circumvent any time sensitivity.
If this attack is successful, the attacker will have all of the rights and privileges from the original
certificate. This is the primary reason that most certificates contain a unique session identifier and a time
stamp. If the certificate has expired, it will be rejected and an entry should be made in a security log to
notify system administrators.
Incorrect Answers:
B: A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. It does not involve the use of previously captured
network traffic.
C: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private
information that will be used for identity theft. The scammer usually pretends to be a legitimate business,
and fools the victim into thinking he or she will profit. Vishing does not involve the use of previously
captured network traffic.
D: A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a
single computer. One common method of attack involves saturating the target machine with external
communications requests, so much so that it cannot respond to legitimate traffic or responds so slowly as to
be rendered essentially unavailable. Such attacks usually lead to a server overload. DDoS attacks do not
involve the use of previously captured network traffic.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 325