Free Preparation Discussions
MENU
GAQM Exam CPEH-001 Topic 7 Question 101 Discussion
Topic #: 7
During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?
When a Nic is set to Promiscuous mode it just blindly takes whatever comes through to it network interface and sends it to the Application layer. This is why they are so hard to detect. Actually you could use ARP requests and Send them to every pc and the one which responds to all the requests can be identified as a NIC on Promiscuous mode and there are some very special programs that can do this for you. But considering the alternatives in the question the right answer has to be that the interface cannot be detected.
Willetta
1 months agoStefania
2 months agoNovella
6 days agoMarla
7 days agoArletta
24 days agoMiriam
1 months agoPaola
2 months agoReena
2 months agoDolores
1 months agoSarah
1 months agoRosendo
1 months agoYvonne
2 months agoDarci
2 months agoVan
22 days agoLeota
26 days agoKatina
1 months agoLonna
1 months agoGlenna
2 months ago