Exam 312-50v11 topic 1 question 194 discussion

TCP/IP hijacking involves the following processes. *The hacker sniffs the communication between the victim and host to obtain the victim’s ISN. *By using this ISN, the attacker sends a spoofed packet from the victim’s IP address to the host system. *The host machine responds to the victim, assuming that the packet arrived from it. This increments the sequence number.

The answer is B. Blind hijacking. Blind hijacking (as per the ECCouncile) is 'predicting' the ISN. Which is what Samuel did, thus causing Bob's connection to hang.

Blind Hijacking In blind hijacking, an attacker can inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing. For this purpose, the attacker must correctly guess the next ISN of a computer attempting to establish a connection. Although the attacker can send malicious data or a command, such as a password setting to allow access from another location on the network, the attacker cannot view the response. To be able to view the response, an MITM attack is a much better option.

Chat GBT answer is : The scenario described is a classic example of a TCP/IP hijacking attack, specifically a form of it called "TCP session hijacking." In this type of attack, the attacker intercepts an already established TCP session between two parties, predicts or guesses the next sequence number (ISN) to impersonate one of the parties, and then continues communication on behalf of the compromised user. So, the correct answer is: A. TCP/IP hijacking

blind jacking not right because the attacker predicting the isn and the isn get increment so TCP/IP hijack correct answer.

The answer is TCP/IP hijacking... it said the network being monitored and intercepted (sniffed) and then guessing the ISN https://ktflash.gitbooks.io/ceh_v9/content/103_network_level_session_hijacking.html

The correct option is A TCP/IP hijacking

its B, To carry out a blind hijacking attack, the attacker may use techniques such as session prediction or IP spoofing. Session prediction involves guessing the session ID or other information used to identify the session, while IP spoofing involves forging the IP address of one of the machines in the session in order to gain access to the communication channel. the text says 'predict'

In the blind hijacking the attacker injects malicious code and does not know the result. For this question, the answer is TCP/IP HiJacking

Has to be 'B' do to the attacker guessing the next sequence. If the attacker was not predicting the next sequence it would TCP/IP Hijacking.

Network Level Session Hijacking - TCP/IP Hijacking TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine. A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim. # Launch a TCP/IP hijacking attack, the attacker must be on the same network as the victim. (P.1435/1419)

here we see key words "spoofed" and "session hung". so it is TCP/IP hijacking. "TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim "

Keyword is predict so its blind

blind In blind hijacking, an attacker predicts the sequence numbers that a victim host sends to createa connection that appears to originate from the host or a blind spoof.

the answer is A

correct

See definitions. Blind is where the attacker does not see the responses