Which of the following is a technique used to attack an Ethernet wired or wireless network?
A.
ARP poisoning
B.
DNS poisoning
C.
Mail bombing
D.
Keystroke logging
Explanation:
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing
(APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow
an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic
altogether. The attack can only be used on networks that actually make use of ARP and not another
method of address resolution. The principle of ARP spoofing is to send fake ARP messages to an
Ethernet LAN. Generally, the aim is to associate the attacker’s MAC address with the IP address of
another node (such as the default gateway). Any traffic meant for that IP address would be
mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the
actual default gateway (passive sniffing) or modify the data before forwarding it. ARP spoofing
attacks can be run from a compromised host, or from an attacker’s machine that is connected
directly to the target Ethernet segment.Answer C is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients
by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill
the recipient’s hard disk with immense, useless files, causing at best irritation, and at worst total
computer failure. E-mail filtering and properly configuring email relay functionality on mail servers
can be helpful for protection against this type of attack.Answer B is incorrect. DNS poisoning is the process in which a DNS server may return an incorrect IP
address, diverting traffic to another computer.Answer D is incorrect. Keystroke logging is a method of logging and recording user keystrokes. It can
be performed with software or hardware devices. Keystroke logging devices can record everything a
person types using his keyboard, such as to measure employee’s productivity on certain clerical
tasks. These types of devices can also be used to get usernames, passwords, etc.