GIAC Exam GCED Topic 7 Question 39 Discussion

Actual exam question for GIAC's GCED exam

Question #: 39
Topic #: 7

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

AChecksum

BAcknowledgement number

CTime to live

DFragment offset

Show Suggested Answer

Suggested Answer: C

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken.

Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.

by Tegan at May 09, 2024, 05:10 PM

Limited Time Offer

25%

7 months ago

This question seems tricky; it's about a compromised router and SMTP redirection.

upvoted 0 times

...