The helpdesk is receiving multiple calls about slow and intermittent Internet access from the
finance department. The network administrator reviews the tickets and compiles the following
information for the security administrator:
——
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces.
The upstream router interface’s MAC is 00-01-42-32-ab-1a
——
The security administrator brings a laptop to the finance office, connects it to one of the wall jacks,
starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above information?
A.
A man in the middle attack is underway – implementing static ARP entries is a possible solution.
B.
An ARP flood attack targeted at the router is causing intermittent communication –
implementing IPS is a possible solution.
C.
The default gateway is being spoofed – implementing static routing with MD5 is a possible
solution.
D.
The router is being advertised on a separate network – router reconfiguration is a possible
solution.