Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN,
Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently,
Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.
What is the type of attack performed by Samuel in the above scenario?
The scenario describes an attack where Samuel monitors and intercepts traffic to predict Bob's Initial Sequence Number (ISN), uses a spoofed packet, and causes Bob's connection to hang while he communicates with the host machine on behalf of Bob. This matches the definition of TCP/IP hijacking, which involves intercepting a communication, predicting or guessing the next sequence number, and using spoofed packets to seize control of the session. The use of IP addresses, sequence numbers, and session hijacking are all indicative of TCP/IP hijacking.
TCP/IP hijacking involves the following processes. *The hacker sniffs the communication between the victim and host to obtain the victim’s ISN. *By using this ISN, the attacker sends a spoofed packet from the victim’s IP address to the host system. *The host machine responds to the victim, assuming that the packet arrived from it. This increments the sequence number.
The answer is B. Blind hijacking. Blind hijacking (as per the ECCouncile) is 'predicting' the ISN. Which is what Samuel did, thus causing Bob's connection to hang.
Network Level Session Hijacking - TCP/IP Hijacking TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine. A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim. # Launch a TCP/IP hijacking attack, the attacker must be on the same network as the victim. (P.1435/1419)
TCP/IP hijacking involves the following processes. The hacker sniffs the communication between the victim and host to obtain the victim’s ISN. By using this ISN, the attacker sends a spoofed packet from the victim’s IP address to the host system. The host machine responds to the victim, assuming that the packet arrived from it. This increments the sequence number. EC - CEH Book Pg 907
here we see key words "spoofed" and "session hung". so it is TCP/IP hijacking. "TCP/IP hijacking involves using spoofed packets to seize control of a connection between a victim and target machine A victim's connection hangs, and an attacker is then able to communicate with the host’s machine as if the attacker is the victim "
What makes C not to be correct ans. Mind you in blind hijacking attacker won't have access to the response from the server and it involved injection of malware i in the packets as far I am concerned C is the correct answer
What makes C not to be correct ans. Mind you in blind hijacking attacker won't have access to the response from the server and it involved injection of malware i in the packets as far I am concerned C is the correct answer
ISN stands for Initial Sequence Number - with UDP protocol you don't have sequence number, because it doesn't matter the order in with the packets are transmitted and received
the correct answer is B. https://encyclopedia.kaspersky.com/glossary/blind-hijacking/
it says prediction so the answer is B: Blind Hijacking
Correct answer is definitely A - TCP/IP Hijacking. Page 1419 from the textbook describe that: With TCP/IP Hijack attacker is sniffing communication and obtaining the ISN. When knowing the ISN is able to calculate the next valid ISN and send spoofed packets to target server. When server respond to the attacker it increments the ISN again, that way victim session is no longer valid and it will drop. Blind Hijacking is using similar approach - guessing the ISN, but in this case attacker is intercepting the session (similar to men-in-the-middle). As you can see they are similar but the major difference is that TCP/IP hijacking is closing victim session and attacker is continuing to communicate with server, while blind hijacking is MITM, where attacker is intercepting the traffic between victim and server
Answer is A. TCP/IP Hijacking - an attacker intercepts an established connection between two communicating parties by using spoofed packets and then pretends to be one of those parties.
See definitions. Blind is where the attacker does not see the responses
correct
the answer is A
blind In blind hijacking, an attacker predicts the sequence numbers that a victim host sends to createa connection that appears to originate from the host or a blind spoof.
Keyword is predict so its blind
The answer is TCP/IP hijacking... it said the network being monitored and intercepted (sniffed) and then guessing the ISN https://ktflash.gitbooks.io/ceh_v9/content/103_network_level_session_hijacking.html
correct
correct
Blind Hijacking In blind hijacking, an attacker can inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing. For this purpose, the attacker must correctly guess the next ISN of a computer attempting to establish a connection. Although the attacker can send malicious data or a command, such as a password setting to allow access from another location on the network, the attacker cannot view the response. To be able to view the response, an MITM attack is a much better option
What makes C not to be correct ans. Mind you in blind hijacking attacker won't have access to the response from the server and it involved injection of malware i in the packets as far I am concerned C is the correct answer
TCP/IP Hijacking In TCP/IP hijacking, an attacker intercepts an established connection between two communicating parties by using spoofed packets and then pretends to be one of those parties. In this approach, the attacker uses spoofed packets to redirect the TCP traffic to their own machine. Once this is successful, the victim's connection hangs, and the attacker is able to communicate with the host’s machine on behalf of the victim. To launch a TCP/IP hijacking attack, both the victim and attacker must be on the same network. The target server and the victim machines can be located anywhere. By using this technique, an attacker can easily attack systems that use one-time passwords. As illustrated in the below figure, TCP/IP hijacking involves the following processes.
Answer is A
Has to be 'B' do to the attacker guessing the next sequence. If the attacker was not predicting the next sequence it would TCP/IP Hijacking.
In the blind hijacking the attacker injects malicious code and does not know the result. For this question, the answer is TCP/IP HiJacking
its B, To carry out a blind hijacking attack, the attacker may use techniques such as session prediction or IP spoofing. Session prediction involves guessing the session ID or other information used to identify the session, while IP spoofing involves forging the IP address of one of the machines in the session in order to gain access to the communication channel. the text says 'predict'
The correct option is A TCP/IP hijacking
blind jacking not right because the attacker predicting the isn and the isn get increment so TCP/IP hijack correct answer.
Chat GBT answer is : The scenario described is a classic example of a TCP/IP hijacking attack, specifically a form of it called "TCP session hijacking." In this type of attack, the attacker intercepts an already established TCP session between two parties, predicts or guesses the next sequence number (ISN) to impersonate one of the parties, and then continues communication on behalf of the compromised user. So, the correct answer is: A. TCP/IP hijacking
Blind Hijacking In blind hijacking, an attacker can inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing. For this purpose, the attacker must correctly guess the next ISN of a computer attempting to establish a connection. Although the attacker can send malicious data or a command, such as a password setting to allow access from another location on the network, the attacker cannot view the response. To be able to view the response, an MITM attack is a much better option.