You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

– DNS query is sent to the DNS server to resolve www.google.com
– DNS server replies with the IP address for Google?
– SYN packet is sent to Google.
– Google sends back a SYN/ACK packet
– Your computer completes the handshake by sending an ACK
– The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

When writing shellcodes, you must avoid ____________ because these will end the string.

Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

He receives the following SMS message during the weekend.
(exhibit)

An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason’s network with the hping command.

Which of the following hping2 command is responsible for the above snort alert?

The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host B are lower than the packet segment containing the set FIN flag.

In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

What framework architecture is shown in this exhibit?

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?

William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Chess.

After William installs the game, he plays it for a couple of hours. The next day, William plays the Chess game again and notices that his machine has begun to slow down. He brings up his Task Manager and sees the following programs running:

What has William just installed?

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today’s end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

Lori was performing an audit of her company’s internal Sharepoint pages when she came across the following code: What is the purpose of this code?