Certified Ethical Hacker (CEH v13) — Question 152

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

Answer options

• A. Blind hijacking
• B. UDP hijacking
• C. RST hijacking
• D. TCP/IP hijacking

Correct answer: C

Explanation

The correct answer is C, RST hijacking, as it specifically involves the use of reset packets to terminate a session. A is incorrect because blind hijacking does not rely on injecting reset packets; B is incorrect as UDP hijacking does not utilize TCP reset packets; D is too broad and does not specifically refer to the method described.