Welcome to Pass4Success

GIAC Exam GCED Topic 8 Question 45 Discussion

Actual exam question for GIAC's GCED exam
Question #: 45
Topic #: 8

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending the packets on to their intended destinations. Which IP header value would help expose anomalies in the path that outbound SMTP/port 25 traffic takes compared to outbound packets sent to other ports?

A) Checksum
B) Acknowledgement number
C) Time to live
D) Fragment offset

Suggested Answer: C) Time to live

In a case study of a redirect tunnel set up on a router, anomalies were noticed while watching network traffic with the tcpdump packet sniffer.

Packets going to port 25 (Simple Mail Transfer Protocol [SMTP], used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. Their TTL values were consistently three less than those of packets sent to other destination ports, indicating that another three network hops were taken. Every router decrements the IP TTL by one as it forwards a packet, so packets from the same host (and therefore with the same initial TTL) that arrive with a lower TTL have crossed more routers; a difference that holds consistently for one destination port points to a per-port redirect rather than an ordinary routing change.

The other IP header values listed do not reveal the path: the header checksum is recomputed at every hop (it must be, because the TTL changes) and so carries no route information, and the fragment offset only describes where a fragment sits within its original datagram. The acknowledgement number is a TCP, not IP, header field.

Two caveats apply when using this check in practice. The comparison has to be made at a point downstream of the suspect router, or at the receiving end, because packets captured on the sending host itself still carry the operating system's initial TTL and show no difference. And an attacker who controls the router could rewrite the TTL on redirected packets, so a matching TTL does not prove the path is clean; it is a cheap indicator, not a guarantee.
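As an added example (not part of the exam page or of the case study it cites), the following Python script applies the TTL comparison described above to a small constructed capture. It parses the IPv4 header of each packet directly, groups the observed TTLs by source address and destination TCP port, and flags any port whose usual TTL is lower than the same host's TTL to every other port. The `build_packet` helper, the addresses and the packet counts are constructed for the demonstration, with values chosen so that port 25 shows three extra hops; the capture is assumed to have been taken downstream of the suspect router. The example goes slightly beyond the single-host case in the text by keying the baseline on source address as well, so hosts with different initial TTLs (64, 128, 255) are never compared against each other.

```python
"""TTL-per-port comparison for spotting a per-port traffic redirect.

Added example; the packets below are constructed, not from a real capture.
The capture point is assumed to be downstream of the suspect router, so the
TTLs already reflect the hops each packet has taken.
"""
import struct
from collections import Counter, defaultdict

IP_PROTO_TCP = 6


def build_packet(dst_port, ttl, src_ip=(10, 0, 0, 5), dst_ip=(203, 0, 113, 10)):
    """Build a minimal IPv4 + TCP SYN packet (constructed sample; checksums left 0)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20-byte header)
        0,               # TOS
        40,              # total length: 20 IP + 20 TCP
        0x1234,          # identification
        0,               # flags / fragment offset
        ttl,             # time to live: the field under discussion
        IP_PROTO_TCP,    # protocol
        0,               # header checksum (not computed for this sample)
        bytes(src_ip),
        bytes(dst_ip),
    )
    tcp_hdr = struct.pack(
        "!HHIIBBHHH",
        40000, dst_port, 1, 0,
        5 << 4,          # data offset 5 words, no options
        0x02,            # SYN
        65535, 0, 0,     # window, checksum, urgent pointer
    )
    return ip_hdr + tcp_hdr


def parse_packet(packet):
    """Return (src_ip, ttl, dst_port) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    if proto != IP_PROTO_TCP or len(packet) < ihl + 4:
        return None
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src_ip, ttl, dst_port


def ttl_by_source_and_port(packets):
    """Map (src_ip, dst_port) -> Counter of TTLs observed."""
    seen = defaultdict(Counter)
    for pkt in packets:
        parsed = parse_packet(pkt)
        if parsed is not None:
            src_ip, ttl, port = parsed
            seen[(src_ip, port)][ttl] += 1
    return seen


def find_path_anomalies(packets, min_extra_hops=1):
    """Flag (src_ip, port) pairs whose typical TTL is lower than the same
    host's typical TTL to every other port.

    Returns {(src_ip, port): (port_ttl, baseline_ttl, extra_hops)}.
    Only ports with a lower TTL than the baseline are reported, which is the
    shape a redirect through extra devices produces: every router decrements
    TTL by one, so a lower value means more hops were crossed.
    """
    per_key = ttl_by_source_and_port(packets)
    anomalies = {}
    for (src_ip, port), ttls in per_key.items():
        port_ttl = ttls.most_common(1)[0][0]
        others = Counter()
        for (other_ip, other_port), other_ttls in per_key.items():
            if other_ip == src_ip and other_port != port:
                others.update(other_ttls)
        if not others:
            continue  # nothing from this host to compare against
        baseline_ttl = others.most_common(1)[0][0]
        extra_hops = baseline_ttl - port_ttl
        if extra_hops >= min_extra_hops:
            anomalies[(src_ip, port)] = (port_ttl, baseline_ttl, extra_hops)
    return anomalies


# Constructed capture: HTTP/HTTPS packets arrive with TTL 61, SMTP with
# TTL 58, i.e. port 25 traffic crossed three more routers.
SAMPLE_CAPTURE = (
    [build_packet(80, 61) for _ in range(5)]
    + [build_packet(443, 61) for _ in range(5)]
    + [build_packet(25, 58) for _ in range(4)]
)

if __name__ == "__main__":
    for (src, port), (seen, base, extra) in find_path_anomalies(SAMPLE_CAPTURE).items():
        print(f"{src} -> port {port}: TTL {seen} vs baseline {base} ({extra} extra hops)")
```

On a real capture you would feed `find_path_anomalies` the raw IPv4 payloads from a pcap (strip the link-layer header first) and tune `min_extra_hops` to the normal jitter of your paths; a difference of one hop can be ordinary load balancing, a consistent three for a single port is the pattern in the case study.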


Contribute your Thoughts:

Malcolm
4 months ago
Time to live (TTL) all the way, folks. Ain't no router-riding attacker gonna slip one past us with that telltale TTL signature.
upvoted 0 times
Laurena
4 months ago
Hmm, the TTL seems like the obvious choice here. Though I'm more curious about the attacker's router-wrangling skills. Must be one heck of a technician to pull that off!
upvoted 0 times
Sylvia
3 months ago
D: Definitely, it's not an easy task to redirect SMTP traffic without being detected. The TTL value can definitely help in identifying such anomalies.
upvoted 0 times
Sean
3 months ago
C: The attacker must have some serious technical expertise to pull off a router reconfiguration like that.
upvoted 0 times
Renato
3 months ago
B: Yeah, the TTL is crucial in determining the route packets take. But I'm also impressed by the attacker's skills in reconfiguring the router.
upvoted 0 times
Pearly
4 months ago
A: I think the Time to Live value would definitely help detect anomalies in the path outbound SMTP traffic takes.
upvoted 0 times
Sylvia
5 months ago
Time to live (TTL) is the way to go on this one. Gotta keep an eye on those pesky routers, you never know when they'll start acting up!
upvoted 0 times
Pok
5 months ago
The TTL value should definitely help spot the anomaly. Clever move by the attacker to redirect the SMTP traffic, but the TTL is a giveaway.
upvoted 0 times
Olive
3 months ago
I see, the Checksum could also be useful in detecting any changes in the packets.
upvoted 0 times
Celestina
3 months ago
A) Checksum
upvoted 0 times
Vicki
3 months ago
Exactly, the Time to Live value can reveal the altered path of SMTP traffic.
upvoted 0 times
Noemi
3 months ago
C) Time to live
upvoted 0 times
Hubert
3 months ago
The TTL value is crucial in detecting such anomalies.
upvoted 0 times
Tasia
3 months ago
D) Fragment offset
upvoted 0 times
Elly
3 months ago
C) Time to live
upvoted 0 times
Nikita
3 months ago
B) Acknowledgement number
upvoted 0 times
Paulina
3 months ago
A) Checksum
upvoted 0 times
Margart
3 months ago
C: The Time to Live value is crucial in detecting any redirection of SMTP traffic by the attacker.
upvoted 0 times
Carissa
3 months ago
B: Agreed, the TTL value can help us identify any unusual routing of SMTP traffic.
upvoted 0 times
Raylene
4 months ago
A: Definitely, the Time to Live value would be the key indicator here.
upvoted 0 times
Howard
5 months ago
I'm not sure, but I think it could also be D) Fragment offset.
upvoted 0 times
Mila
5 months ago
I agree with Janine, because the Time to live value can help detect anomalies in the path.
upvoted 0 times
Janine
5 months ago
I think the answer is C) Time to live.
upvoted 0 times
