• Choose a category
• All
• Classic-Fiction

C. Monitoring TCP sessions in order to initiate a session-hijacking attack

D. Locating a host susceptible to a session-hijack attack

18. What is session hijacking?

A. Monitoring UDP session

B. Monitoring TCP sessions

C. Taking over UDP sessions

D. Taking over TCP sessions

19. What types of packets are sent to the victim of a session-hijacking attack to cause them to close their end of the connection?

A. FIN and ACK

B. SYN or ACK

C. SYN and ACK

D. FIN or RST

20. What is an ISN?

A. Initiation Session Number

B. Initial Sequence Number

C. Initial Session Number

D. Indication Sequence Number

Answers to Review Questions

1. B. Traffic filtering is a method to prevent DoS attacks.

2. A. A zombie is a compromised system used to launch a DDoS attack.

3. C. Trinoo uses UDP to flood the target system with data.

4. A. The intrusion phase compromises and recruits zombie systems to use in the coordinated attack phase.

5. C. Targa is able to send eight different types of DoS attacks.

6. A. A smurf attack sends a large number of ICMP request frames with a spoofed address of the victim system.

7. B. A LAND attack sends packets to a system with that system as the source address, causing the system to try to reply to itself.

8. A. The Ping of Death attack sends packets that, when reassembled, are too large and cause the system to crash or lock up.

9. C. A Denial of Service attack works by preventing legitimate users from accessing the system.

10. B. The goal of a Denial of Service attack is to overload a system and cause it to stop responding.

11. D. TTYWatcher is used to perform session hijacking on Sun Solaris systems.

12. A. A sequence number indicates where the packet is located in the data steam so the receiving station can reassemble the data.

13. A, B, C. Passwords, credit card numbers, and other confidential data can be gathered in a session-hijacking attack. Authentication information isn't accessible because session hijacking occurs after the user has authenticated.

14. C. In order to perform a session-hijacking attack, the hacker must know the sequence number to use in the next packet so the server will accept the packet.

15. A. Juggernaut runs on Linux operating systems.

16. B. Encryption make any information the hacker gathers during a session-hijacking attempt unreadable.

17. B. Sniffing is usually used to locate the sequence number, which is necessary for a session hijack.

18. D. The most common form of session hijacking is the process of taking over a TCP session.

19. D. FIN (finish) and RST (reset) packets are sent to the victim to desynchronize their connection and cause them to close the existing connection.

20. B. ISN is the Initial Sequence Number that is sent by the host and is the starting point for the sequence numbers used in later packets.

Hacking Web Servers,

• Application

Vulnerabilities, and

Web-Based Password

Cracking Techniques

CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:

✓ Hacking Web Servers

List the Types of Web Server Vulnerabilities

Understand the Attacks against Web Servers

Understand IIS Unicode Exploits

Understand Patch Management Techniques

■ Understand Web Application Scanner

■ What Is Metasploit Framework?

Describe Web Server Hardening Methods

✓ Web Application Vulnerabilities

Understanding How Web Applications Work

Objectives of Web Application Hacking

■ Anatomy of an Attack

■ Web Application Threats

■ Understand Google Hacking

Understand Web Application Countermeasures

✓ Web-Based Password Cracking Techniques

List the Authentication Types

■ What Is a Password Cracker?

How Does a Password Cracker Work?

Understand Password Attacks-Classification

Understand Password Cracking Countermeasures

Web servers and web applications have a very high potential to be compromised. The primary reason for this is that the systems that run web server software must be publicly available on the Internet. Once a web server has been compromised, the system can provide hackers