What technique is being used if an attacker sends fragmented packets where "shadow" overwrites "junker" when reassembled?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the SANS Cyber Aces Test with flashcards and multiple choice questions. Each question includes detailed explanations. Get exam-ready today!

Multiple Choice

What technique is being used if an attacker sends fragmented packets where "shadow" overwrites "junker" when reassembled?

Explanation:
The technique described in the question involves sending fragmented packets in such a way that the fragments can overlap, allowing one fragment to overwrite parts of another when they are reassembled at the target. This is characteristic of an overlapping fragment attack. In this type of attack, the attacker takes advantage of the reassembly process of IP packets. When packets are fragmented, they can be sent in overlapping segments, and if the overlapping segments are processed in a certain way, one segment can overshadow or replace the contents of another. This can lead to unexpected behavior at the receiving end, where the attacker can control what data is interpreted as part of the original message or command. The other techniques listed do not share this specific characteristic. IP spoofing involves forging the source IP address of packets to hide the attacker's identity. Session hijacking focuses on taking control of a user session after it has been established. Protocol manipulation generally refers to changing the way communication protocols are used but doesn't involve the specific mechanism of using fragmented packets to overwrite data. Thus, the overlapping fragment attack is the most appropriate choice based on the functionality described.

The technique described in the question involves sending fragmented packets in such a way that the fragments can overlap, allowing one fragment to overwrite parts of another when they are reassembled at the target. This is characteristic of an overlapping fragment attack.

In this type of attack, the attacker takes advantage of the reassembly process of IP packets. When packets are fragmented, they can be sent in overlapping segments, and if the overlapping segments are processed in a certain way, one segment can overshadow or replace the contents of another. This can lead to unexpected behavior at the receiving end, where the attacker can control what data is interpreted as part of the original message or command.

The other techniques listed do not share this specific characteristic. IP spoofing involves forging the source IP address of packets to hide the attacker's identity. Session hijacking focuses on taking control of a user session after it has been established. Protocol manipulation generally refers to changing the way communication protocols are used but doesn't involve the specific mechanism of using fragmented packets to overwrite data. Thus, the overlapping fragment attack is the most appropriate choice based on the functionality described.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy