You work as a Network Administrator for SpyNet Inc. The company has a Windows-based network. You have been assigned the task of auditing the scheduled network security. After a regular audition, you suspect that the company is under attack by an intruder trying to gain access to the company’s network resources. While analyzing the log files, you find that the IP address of the intruder belongs to a trusted
partner company. Assuming this situation, which of the following attacks is the company being subjected to?
A.
Man-in-the-middle
B.
CookieMonster
C.
Phreaking
D.
Spoofing
Explanation:
Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else’s IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected. Answer option A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets
passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host.
The receiving host responds to the software, presuming it to be the legitimate client. Answer option B is incorrect. A CookieMonster attack is a man-in-the-middle exploit where a third party can gain HTTPS cookie data when the ‘Encrypted Sessions Only’ property is not properly set. This could allow access to sites with sensitive personal or financial information. Users of the World Wide Web can reduce their exposure to CookieMonster attacks by avoiding websites that are vulnerable to these attacks.
Certain web browsers make it possible for the user to establish which sites these are. For example, users of the Firefox browser can go to the Privacy tab in the Preferences window, and click on ‘Show Cookies.’ For a given site, inspecting the individual cookies for the top level name of the site, and any subdomain names, will reveal if ‘Send For: Encrypted connections only,’ has been set. If it has, the user can test for the site’s vulnerability to CookieMonster attacks by deleting these cookies and visiting the site again. If the site still allows the user in, the site is vulnerable to CookieMonster attacks. Answer option C is incorrect. Phreaking is a process used to crack the phone system. The main aim of phreaking is to avoid paying for long-distance calls. As telephone networks have become computerized, phreaking has become closely linked with computer hacking. This is sometimes called the H/P culture (with H standing for Hacking and P standing for Phreaking).