Question 1

Hijacking differs from spoofing in that the takeover occurs during an authenticated session.

Accepted Answer

Hijacking involves taking control of a communication session after it has been established and authenticated, whereas spoofing involves impersonating another entity or device, often before authentication occurs.

Question 2

A TCP session can be hijacked only before the hosts have authenticated successfully.

Accepted Answer

TCP session hijacking can occur at any point during an active session, not just before authentication. It involves taking over a session between two machines after it has been established, regardless of the authentication state.

Question 3

A successful hijacking takes place when a hacker intervenes in a TCP conversation and then takes the role of either host or recipient.

Accepted Answer

In a TCP hijacking attack, a hacker intercepts and takes control of a TCP session between two hosts by impersonating one of the parties, effectively allowing them to send and receive data that was intended for one of the original participants in the conversation.

Question 4

Hunt performs sniffing in addition to session hijacking.

Accepted Answer

Hunt is a tool that can be used for both sniffing network traffic to capture data and for session hijacking, where it takes over a session between a client and server by exploiting vulnerabilities in the network communication.

Question 5

Since UDP does not have many error recovery features, it is more resistant to hijacking.

Accepted Answer

UDP's lack of error recovery features actually makes it less secure and more susceptible to hijacking and other forms of attack, as it does not include mechanisms for ensuring data integrity or secure connections.

Question 6

TCP works with ____ to manage data packets on the network.&#10;A)IP&#10;B)FIN&#10;C)ARP&#10;D)SSH

Accepted Answer

TCP (Transmission Control Protocol) works with IP (Internet Protocol) to manage data packets on the network. IP handles the delivery of packets, while TCP ensures the reliable transmission of data by managing packet order and integrity.

Question 7

A TCP connection can be broken either by exchanging the FIN packets or by sending ____ packets.&#10;A)ACK&#10;B)END&#10;C)STP&#10;D)RST

Accepted Answer

A TCP connection can be terminated either by exchanging FIN packets in an orderly shutdown or abruptly by sending a RST (Reset) packet. The RST packet is used to immediately terminate a connection.

Question 8

____ solves the ACK storm issue and facilitates TCP session hijacking.&#10;A)SSL&#10;B)Storm watching&#10;C)Packet blocking&#10;D)Encryption

Accepted Answer

Packet blocking can prevent ACK storms by blocking unnecessary or malicious packets, which can also be used to facilitate TCP session hijacking by intercepting and manipulating packet flows.

Question 9

A route table has two sections: the active routes and the ____.&#10;A)close routes&#10;B)active connections&#10;C)alternate routes&#10;D)passive routes

Accepted Answer

The answer of A route table has two sections: the...

Question 10

A(n) ____ on a computer stores the IP address and the corresponding MAC address.&#10;A)IP table&#10;B)TCP table&#10;C)UDP table&#10;D)ARP table

Accepted Answer

The ARP (Address Resolution Protocol) table on a computer is used to store the IP addresses and their corresponding MAC (Media Access Control) addresses. This table helps in mapping the network layer addresses (IP addresses) to the data link layer addresses (MAC addresses), facilitating communication within a network.

Question 11

_________________________ occurs when a hacker takes control of a TCP session between two hosts.

Accepted Answer

The answer of _________________________ occurs when a hacker takes control...

Question 12

____________________ is a debugging technique that allows packets to explicitly state the route they will follow to their destination rather than follow normal routing rules.

Accepted Answer

The answer of ____________________ is a debugging technique that allows...

Question 13

A(n) ____________________ shows the way to the address sought, or the way to the nearest source that might know the address.

Accepted Answer

The answer of A(n) ____________________ shows the way to the...

Question 14

____________________ was developed by Pavel Krauz, inspired by Juggernaut, another session hijacking tool.

Accepted Answer

The answer of ____________________ was developed by Pavel Krauz, inspired...

Question 15

____________________ refers to setting an IDS rule to watch for abnormal increases in network traffic and to alert the security officer when they occur.

Accepted Answer

The answer of ____________________ refers to setting an IDS rule...

Question 16

Describe the three-way handshake authentication method of TCP.

Accepted Answer

The answer of Describe the three-way handshake authentication method of...

Question 17

How can you stop a continuous ACK transfer by resynchronizing the client and server?

Accepted Answer

The answer of How can you stop a continuous ACK...

Question 18

Describe the reason why an ACK storm happens.

Accepted Answer

The answer of Describe the reason why an ACK storm...

Deck 8: Session Hijacking