Which of the following countermeasures will NOT be effective against this attack?
You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which
of the following countermeasures will NOT be effective against this attack?
What type of cookies can be generated while visiting different web sites on the Internet?
What type of cookies can be generated while visiting different web sites on the Internet?
What kind of attack did the Hacker attempt to carry out at the bank?
Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has
deployed a new Internet-accessible Web application recently. Customers can access their account
balances, transfer money between accounts, pay bills and conduct online financial business using
a Web browser.
John Stevens is in charge of information security at Bank of Timbuktu. After one month in
production, several customers have complained about the Internet enabled banking application.
Strangely, the account balances of many of the bank’s customers had been changed! However,
money hasn’t been removed from the bank; instead, money was transferred between accounts.
Given this attack profile, John Stevens reviewed the Web application’s logs and found the
following entries:
What kind of attack did the Hacker attempt to carry out at the bank?
Which is the right sequence of packets sent during the initial TCP three way handshake?
Which is the right sequence of packets sent during the initial TCP three way handshake?
How will you stop web spiders from crawling certain directories on your website?
WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by
recursively retrieving linked pages. Search engines like Google, frequently spider web pages for
indexing. How will you stop web spiders from crawling certain directories on your website?
What is Hunt used for?
What is Hunt used for?
What are the next sequence and acknowledgement numbers that the router will send to the victim machine?
You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco
router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement
numbers to successfully hijack the telnet session.
Here is the captured data in tcpdump.
What are the next sequence and acknowledgement numbers that the router will send to the victim
machine?
what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?
You want to carry out session hijacking on a remote server. The server and the client are
communicating via TCP after a successful TCP three way handshake. The server has just
received packet #120 from the client. The client has a receive window of 200 and the server has a
receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be
accepted by the server?
What type of scan is Hayden attempting here?
Hayden is the network security administrator for her company, a large finance firm based in Miami.
Hayden just returned from a security conference in Las Vegas where they talked about all kinds of
old and new security threats; many of which she did not know of. Hayden is worried about the
current security state of her company’s network so she decides to start scanning the network from
an external IP address. To see how some of the hosts on her network react, she sends out SYN
packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the
connection is established she sends RST packets to those hosts to stop the session. She does
this to see how her intrusion detection system will log the traffic. What type of scan is Hayden
attempting here?
How would you prevent session hijacking attacks?
How would you prevent session hijacking attacks?