Ethical Hacking and Countermeasures
Question No: 271 – (Topic 7)
What port number is used by Kerberos protocol?
88 C. 419 D. 487
Explanation: Kerberos traffic uses UDP/TCP protocol source and destination port 88.
Question No: 272 – (Topic 7)
ettercap -NCLzs -quiet
What does the command in the exhibit do in “Ettercap”?
A. This command will provide you the entire list of hosts in the LAN
B. This command will check if someone is poisoning you and will report its IP.
C. This command will detach from console and log all the collected passwords from the network to a file.
D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.
Answer: C
Explanation:
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the passwords sniffed in the session in the form "YYYYMMDD-collected-pass.log"
-z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
-quiet = "daemonize" ettercap. Useful if you want to log all data in background.
Question No: 273 – (Topic 7)
Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data. Why did capturing of traffic take much less time on the wireless network?
Because wireless access points act like hubs on a network
Because all traffic is clear text, even when encrypted
Because wireless traffic uses only UDP which is easier to sniff
Because wireless networks can’t enable encryption
Explanation: You cannot have directed radio transfers over a WLAN. Every packet will be broadcast as far as possible with no concern about who might hear it.
Question No: 274 – (Topic 7)
Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?
A. ip == 192.168.0.1 and tcp.syn
B. ip.addr = 192.168.0.1 and syn = 1
C. ip.addr==192.168.0.1 and tcp.flags.syn
D. ip.equals 192.168.0.1 and syn.equals on
Topic 8, Denial of Service
Question No: 275 – (Topic 8)
Eve decides to get her hands dirty and tries out a Denial of Service attack that is relatively new to her. This time she envisages using a different kind of method to attack Brownies Inc. Eve tries to forge the packets and uses the broadcast address. She launches an attack similar to that of fraggle. What is the technique that Eve used in the case above?
Ping of Death
Explanation: A fraggle attack is a variation of the smurf attack for denial of service in which the attacker sends spoofed UDP packets instead of ICMP echo reply (ping) packets to the broadcast address of a large network.
Question No: 276 – (Topic 8)
The evil hacker is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is the hacker attempting to perform?
Ping of death
Question No: 277 – (Topic 8)
Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses from internal hosts’ requests but simply responses coming from the Internet. What could be the likely cause of this?
Someone Spoofed Peter’s IP Address while doing a land attack
Someone Spoofed Peter’s IP Address while doing a DoS attack
Someone Spoofed Peter’s IP Address while doing a smurf Attack
Someone Spoofed Peter’s IP address while doing a fraggle attack
Explanation: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target.
Question No: 278 – (Topic 8)
Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface.
Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet.
What could be the most likely cause?
Someone has spoofed Clive’s IP address while doing a smurf attack.
Someone has spoofed Clive’s IP address while doing a land attack.
Someone has spoofed Clive’s IP address while doing a fraggle attack.
Someone has spoofed Clive’s IP address while doing a DoS attack.
Explanation: The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.
Question No: 279 – (Topic 8)
Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack?
Select the best answer.
He should disable unicast on all routers
Disable multicast on the router
Turn off fragmentation on his router
Make sure all anti-virus protection is updated on all systems
Make sure his router won't take a directed broadcast
Explanation: Unicasts are one-to-one IP transmissions; by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning off multicast or fragmentation on the router has nothing to do with Peter’s concerns, as a smurf attack uses broadcast, not multicast, and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination, all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack.
Question No: 280 – (Topic 8)
You have been called to investigate a sudden increase in network traffic at a company. It seems that the traffic generated was so heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?
A distributed denial of service attack.
A network card that was jabbering.
A bad route on the firewall.
Invalid rules entry at the gateway.
Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB). TFN2K and Trinoo are tools used for conducting DDoS attacks.