Exam 8: Session Hijacking
Describe the reason why an ACK storm happens.
The ACK storm happens because the attacker was not in a place to stop or delete packets the trusted computer sent. An ACK storm will not occur if the attacker can place himself in the actual flow of the packets, but it takes a certain amount of daring to set up the situation so that you can put yourself in the flow. The attacker would have to be in control of the connection itself so that the session authentication takes place through the attacker's chosen channel.
_________________________ occurs when a hacker takes control of a TCP session between two hosts.
TCP session hijacking
Describe the three-way handshake authentication method of TCP.
In the three-way handshake authentication method of TCP, the client sends a SYN packet to the server to initiate a connection. The server then sends a SYN/ACK packet to acknowledge that it has received the client's synchronization request, and awaits the final step. The client sends an ACK packet to the server. At this point, both the client and the server are ready to transmit and receive data. The connection ends with an exchange of Finish (FIN) packets or Reset (RST) packets.
A TCP connection can be broken either by exchanging the FIN packets or by sending ____ packets.
A(n) ____ on a computer stores the IP address and the corresponding MAC address.
A route table has two sections: the active routes and the ____.
A TCP session can be hijacked only before the hosts have authenticated successfully.
____________________ is a debugging technique that allows packets to explicitly state the route they will follow to their destination rather than follow normal routing rules.
____________________ was developed by Pavel Krauz, inspired by Juggernaut, another session hijacking tool.
Since UDP does not have many error recovery features, it is more resistant to hijacking.
____ solves the ACK storm issue and facilitates TCP session hijacking.
A successful hijacking takes place when a hacker intervenes in a TCP conversation and then takes the role of either host or recipient.
A(n) ____________________ shows the way to the address sought, or the way to the nearest source that might know the address.
How can you stop a continuous ACK transfer by resynchronizing the client and server?
____________________ refers to setting an IDS rule to watch for abnormal increases in network traffic and to alert the security officer when they occur.
Hijacking differs from spoofing in that the takeover occurs during an authenticated session.