+ Reply to Thread
Results 1 to 5 of 5
  1. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #1

    Question TechNotes Practice tests

    Hi everybody,

    I'm trying to workout the practice questions provided by TechExams forums, and I need your help to get explanations.

    Question #7
    7. Which of the following attacks is NOT aimed at fragmentation vulnerabilities of the IP stack?

    Answer: Smurf Attack.
    Isn't the ICMP part of the IP Stack ? Isn't this attack happening due to inherent weakness of TCP/IP stack ?

    please help
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  2. SS -->
  3. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #2
    Quote Originally Posted by UnixGuy View Post
    Hi everybody,

    I'm trying to workout the practice questions provided by TechExams forums, and I need your help to get explanations.



    Isn't the ICMP part of the IP Stack ? Isn't this attack happening due to inherent weakness of TCP/IP stack ?

    please help
    A Smurf Attack isn't taking advantage of fragmentation vulnerabilities; instead it's exploiting the normal behavior of the ICMP echo command and causing a denial-of-service attack against the target.
    Reply With Quote Quote  

  4. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #3
    Quote Originally Posted by astorrs View Post
    A Smurf Attack isn't taking advantage of fragmentation vulnerabilities; instead it's exploiting the normal behavior of the ICMP echo command and causing a denial-of-service attack against the target.

    Can you please give me examples of Fragmentation vulnerabilities in IP Stack ?
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  5. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #4
    Quote Originally Posted by UnixGuy View Post
    Can you please give me examples of Fragmentation vulnerabilities in IP Stack ?
    Have a look at the teardrop attack of "yesteryear" (pretty much useless these days) as it's a good example.
    Reply With Quote Quote  

  6. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #5
    Thanks

    I need serious review specially Cryptography.
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks