You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

– DNS query is sent to the DNS server to resolve www.google.com
– DNS server replies with the IP address for Google?
– SYN packet is sent to Google.
– Google sends back a SYN/ACK packet
– Your computer completes the handshake by sending an ACK
– The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

He receives the following SMS message during the weekend.

An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason’s network with the hping command.

Which of the following hping2 command is responsible for the above snort alert? (Exhibit)

In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

What framework architecture is shown in this exhibit?

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today’s end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

Lori was performing an audit of her company’s internal Sharepoint pages when she came across the following code: What is the purpose of this code?

Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

Attackers footprint target Websites using Google Hacking techniques. Google hacking is a term that refers to the art of creating complex search engine queries. It detects websites that are vulnerable to numerous exploits and vulnerabilities. Google operators are used to locate specific strings of text within the search results.

The configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. WordPress uses config.php that stores the database Username and Password.

Which of the below Google search string brings up sites with "config.php" files?

BankerFox is a Trojan that is designed to steal users’ banking data related to certain banking entities.

When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker’s machine using covert channel.

BankerFox does not spread automatically using its own means. It needs an attacking user’s intervention in order to reach the affected computer.

What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim’s machine?

This tool is widely used for ARP Poisoning attack. Name the tool.