PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes the type of attack that is occurring

Which of the following BEST describes the type of attack that is occurring

PrepAway - Latest Free Exam Questions & Answers

A.
Smurf Attack

B.
Man in the middle

C.
Backdoor

D.
Replay

E.
Spear Phishing

F.
Xmas Attack

G.
Blue Jacking

H.
Ping of Death

Explanation:
The exhibit shows that all the computers on the network are being ‘pinged’. This indicates that the ping
request was sent to the network broadcast address. We can also see that all the replies were received by
one (probably with a spoofed address) host on the network. This is typical of a smurf attack.
A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet
broadcast address. These are special addresses that broadcast all received messages to the hosts
connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request
can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the
attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real
sender’s address. A single attacker sending hundreds or thousands of these PING messages per second
can fill the victim’s T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to
steal information, but instead attempt to disable a computer or network.
Incorrect Answers:
B: In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM,
MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the
communication between two parties who believe they are directly communicating with each other. One
example is active eavesdropping, in which the attacker makes independent connections with the victims
and relays messages between them to make them believe they are talking directly to each other over a
private connection, when in fact the entire conversation is controlled by the attacker. The attacker must
be able to intercept all relevant messages passing between the two victims and inject new ones. This is
straightforward in many circumstances; for example, an attacker within reception range of an
unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. This is not the attack
illustrated in this question.
C: A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so
on, while attempting to remain undetected. The backdoor may take the form of an installed program(e.g., Back Orifice) or may subvert the system through a rootkit. This is not the attack illustrated in this
question.
D: A replay attack (also known as playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator
or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by
IP packet substitution (such as stream cipher attack).
For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of
identity, which Alice dutifully provides (possibly after some transformation like a hash function);
meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the
interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends
Alice’s password (or hash) read from the last session, which Bob accepts thus granting access to Eve. This
is not the attack illustrated in this question.
E: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data. As with the e-mail messages used in regular phishing
expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually
appear to come from a large and well-known company or Web site with a broad membership base, such
as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be
an individual within the recipient’s own company and generally someone in a position of authority. This is
not the attack illustrated in this question.
F: In information technology, a Christmas tree packet is a packet with every single option set for whatever
protocol is in use. The term derives from a fanciful image of each little option bit in a header being
represented by a different-colored light bulb, all turned on, as in, “the packet was lit up like a Christmas
tree.” It can also be known as a kamikaze packet, nastygram or a lamp test segment.
Christmas tree packets can be used as a method of divining the underlying nature of a TCP/IP stack by
sending the packets and awaiting and analyzing the responses. When used as part of scanning a system,
the TCP header of a Christmas tree packets has the flags SYN, FIN, URG and PSH set. Many operating
systems implement their compliance with the Internet Protocol standard (RFC 791) in varying or
incomplete ways. By observing how a host responds to an odd packet, such as a Christmas tree packet,
assumptions can be made regarding the host’s operating system. Versions of Microsoft Windows,
BSD/OS, HP-UX, Cisco IOS, MVS, and IRIX display behaviors that differ from the RFC standard when
queried with said packets.A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact
that Christmas tree packets require much more processing by routers and end-hosts than the ‘usual’
packets do.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.
From a network security point of view, Christmas tree packets are always suspicious and indicate a high
probability of network reconnaissance activities. This is not the attack illustrated in this question.
G: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such
as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the
name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can
reach up to 100 metres (328 ft) with powerful (Class 1) transmitters.
Bluejacking is usually harmless, but because bluejacked people generally don’t know what has happened,
they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but
with modern phones it’s possible to send images or sounds as well. Bluejacking has been used in guerrilla
marketing campaigns to promote advergames. This is not the attack illustrated in this question.
H: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise
malicious ping to a computer.
A correctly formed ping message is typically 56 bytes in size, or 84 bytes when the Internet Protocol [IP]
header is considered. Historically, many computer systems could not properly handle a ping packet larger
than the maximum IPv4 packet size of 65535bytes. Larger packets could crash the target computer.
In early implementations of TCP/IP, this bug was easy to exploit. This exploit affected a wide variety of
systems, including Unix, Linux, Mac, Windows, printers, and routers.
Generally, sending a 65,536-byte ping packet violates the Internet Protocol as documented in RFC 791,
but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the
packet, a buffer overflow can occur, which often causes a system crash.
Later a different kind of ping attack became widespread—ping flooding simply floods the victim with so
much ping traffic that normal traffic fails to reach the system, a basic denial-of-service attack.
The exhibit shows that all the computers on the network are being ‘pinged’. This indicates that the ping
request was sent to the network broadcast address. This is more typical of a smurf attack than a ping of
death attack.
http://www.webopedia.com/TERM/S/smurf.html
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
http://en.wikipedia.org/wiki/Backdoor_%28computing%29
http://en.wikipedia.org/wiki/Replay_attack
http://searchsecurity.techtarget.com/definition/spear-phishing
http://en.wikipedia.org/wiki/Christmas_tree_packet
http://en.wikipedia.org/wiki/Bluejacking
http://en.wikipedia.org/wiki/Ping_of_death


Leave a Reply