Certified Ethical Hacker (CEH v12) — Question 205
A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?
Answer options
- A. Blind hijacking
- B. UDP hijacking
- C. RST hijacking
- D. TCP/IP hijacking
Correct answer: C
Explanation
The correct answer is C, RST hijacking: the attacker sends a reset packet to terminate an active session, which matches the scenario described. Option A, blind hijacking, typically refers to intercepting a session without knowledge of the sequence numbers. Option B, UDP hijacking, does not apply because UDP is a connectionless protocol. Option D, TCP/IP hijacking, is too broad and does not specify the reset packet technique used.