exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam

Exam 312-50v11 topic 1 question 194 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 194
Topic #: 1
[All 312-50v11 Questions]

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN,
Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently,
Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.
What is the type of attack performed by Samuel in the above scenario?

  • A. TCP/IP hijacking
  • B. Blind hijacking
  • C. UDP hijacking
  • D. Forbidden attack
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
cerzocuspi
Highly Voted 3 years, 5 months ago
TCP/IP hijacking involves the following processes. *The hacker sniffs the communication between the victim and host to obtain the victim’s ISN. *By using this ISN, the attacker sends a spoofed packet from the victim’s IP address to the host system. *The host machine responds to the victim, assuming that the packet arrived from it. This increments the sequence number.
upvoted 23 times
...
LoneStarChief
Highly Voted 2 years, 11 months ago
The answer is B. Blind hijacking. Blind hijacking (as per the ECCouncile) is 'predicting' the ISN. Which is what Samuel did, thus causing Bob's connection to hang.
upvoted 8 times
...
BallCS
Most Recent 2 months, 1 week ago
Selected Answer: B
Blind Hijacking In blind hijacking, an attacker can inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing. For this purpose, the attacker must correctly guess the next ISN of a computer attempting to establish a connection. Although the attacker can send malicious data or a command, such as a password setting to allow access from another location on the network, the attacker cannot view the response. To be able to view the response, an MITM attack is a much better option.
upvoted 1 times
...
learn_to_ethic
9 months, 1 week ago
Chat GBT answer is : The scenario described is a classic example of a TCP/IP hijacking attack, specifically a form of it called "TCP session hijacking." In this type of attack, the attacker intercepts an already established TCP session between two parties, predicts or guesses the next sequence number (ISN) to impersonate one of the parties, and then continues communication on behalf of the compromised user. So, the correct answer is: A. TCP/IP hijacking
upvoted 1 times
...
vinothkumars
1 year, 1 month ago
blind jacking not right because the attacker predicting the isn and the isn get increment so TCP/IP hijack correct answer.
upvoted 1 times
...
Pikuuu
1 year, 2 months ago
Selected Answer: A
The answer is TCP/IP hijacking... it said the network being monitored and intercepted (sniffed) and then guessing the ISN https://ktflash.gitbooks.io/ceh_v9/content/103_network_level_session_hijacking.html
upvoted 2 times
...
victorfs
1 year, 4 months ago
Selected Answer: A
The correct option is A TCP/IP hijacking
upvoted 1 times
...
Bob_234
1 year, 6 months ago
Selected Answer: B
its B, To carry out a blind hijacking attack, the attacker may use techniques such as session prediction or IP spoofing. Session prediction involves guessing the session ID or other information used to identify the session, while IP spoofing involves forging the IP address of one of the machines in the session in order to gain access to the communication channel. the text says 'predict'
upvoted 1 times
...
josevirtual
1 year, 10 months ago
Selected Answer: A
In the blind hijacking the attacker injects malicious code and does not know the result. For this question, the answer is TCP/IP HiJacking
upvoted 1 times
...
Dar87
1 year, 10 months ago
Selected Answer: B
Has to be 'B' do to the attacker guessing the next sequence. If the attacker was not predicting the next sequence it would TCP/IP Hijacking.
upvoted 1 times
...
Daniel8660
1 year, 11 months ago
Selected Answer: A
Network Level Session Hijacking - TCP/IP Hijacking TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine. A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim. # Launch a TCP/IP hijacking attack, the attacker must be on the same network as the victim. (P.1435/1419)
upvoted 5 times
...
ebuAkif
1 year, 12 months ago
Selected Answer: A
here we see key words "spoofed" and "session hung". so it is TCP/IP hijacking. "TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim "
upvoted 3 times
...
uday1985
2 years ago
Keyword is predict so its blind
upvoted 2 times
...
Aisha86
2 years ago
blind In blind hijacking, an attacker predicts the sequence numbers that a victim host sends to createa connection that appears to originate from the host or a blind spoof.
upvoted 2 times
...
flinux
2 years, 1 month ago
Selected Answer: A
the answer is A
upvoted 2 times
...
cazzobsb
2 years, 5 months ago
Selected Answer: A
correct
upvoted 2 times
...
josek19
2 years, 6 months ago
Selected Answer: A
See definitions. Blind is where the attacker does not see the responses
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago