GAQM Exam CPEH-001 Topic 6 Question 95 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 95
Topic #: 6

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

Suggested Answer: D

When a NIC is set to promiscuous mode, it blindly takes whatever comes through to its network interface and sends it to the application layer. This is why they are so hard to detect. You could actually send ARP requests to every PC, and the one that responds to all of the requests can be identified as a NIC in promiscuous mode; there are some very special programs that can do this for you. But considering the alternatives in the question, the right answer has to be that the interface cannot be detected.
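
A simplified model of the reasoning above, added here as an example and not part of the original page: it shows why an ARP probe can expose a promiscuous NIC that has an IP stack bound, and why a sniffing interface unbound from TCP/IP never answers. The two-stage filter (NIC hardware filter, then a software filter that accepts any group-addressed frame), the fake-broadcast address, and all host names, MACs and IPs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
FAKE_BROADCAST = "ff:ff:ff:ff:ff:fe"  # group bit set, but not the real broadcast


def group_bit(mac: str) -> bool:
    """True when the least-significant bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 1)


@dataclass
class Interface:
    mac: str
    ip: Optional[str]          # None models an interface unbound from TCP/IP
    promiscuous: bool = False

    def hardware_accepts(self, dst: str) -> bool:
        # NIC filter: own unicast and true broadcast only, unless promiscuous.
        return self.promiscuous or dst in (self.mac, BROADCAST)

    def stack_accepts(self, dst: str) -> bool:
        # Assumed software filter: own address or any group-addressed frame.
        # With no stack bound, nothing is processed and nothing can reply.
        return self.ip is not None and (dst == self.mac or group_bit(dst))

    def arp_reply(self, dst: str, target_ip: str) -> bool:
        """Would this interface answer an ARP request sent to dst for target_ip?"""
        return (self.hardware_accepts(dst) and self.stack_accepts(dst)
                and target_ip == self.ip)


def probe(segment, candidate_ips):
    """Names of interfaces that answer a fake-broadcast ARP for any candidate IP."""
    return sorted({name for ip in candidate_ips
                   for name, nic in segment.items()
                   if nic.arp_reply(FAKE_BROADCAST, ip)})


# Constructed sample segment (documentation address range, made-up MACs).
SEGMENT = {
    "workstation": Interface("02:00:00:00:00:01", "192.0.2.10"),
    "sniffer-host": Interface("02:00:00:00:00:02", "192.0.2.20", promiscuous=True),
    "ids-sensor": Interface("02:00:00:00:00:03", None, promiscuous=True),
}
CANDIDATE_IPS = ["192.0.2.10", "192.0.2.20", "192.0.2.30"]

if __name__ == "__main__":
    print(probe(SEGMENT, CANDIDATE_IPS))
```

Only the promiscuous host with a bound stack replies; the unbound sensor sees every frame but has nothing that could generate a response.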


Contribute your Thoughts:

Brett
2 months ago
Haha, Option C is like something out of a cartoon. 'I'm the IDS, and I'm going to knock myself off the network!' Good one!
upvoted 0 times
Vincenza
1 month ago
Lisandra: That's true, using a ping flood could be effective.
upvoted 0 times
...
Antonio
2 months ago
I think Option A might be a more practical approach to detect the sniffing interface.
upvoted 0 times
...
Lisandra
2 months ago
Yeah, it does seem a bit unrealistic.
upvoted 0 times
...
Golda
2 months ago
Option C does sound pretty funny, like a cartoon!
upvoted 0 times
...
...
Howard
3 months ago
I'm going to have to go with Option A. Ping flooding the sniffing interface seems like the most reliable way to expose its existence.
upvoted 0 times
Jeffrey
2 months ago
Yeah, I would also choose Option A. It's a smart way to expose its existence.
upvoted 0 times
...
Jutta
2 months ago
Agreed, it seems like the most reliable way to detect the sniffing interface.
upvoted 0 times
...
Roslyn
2 months ago
I think Option A is the way to go. Ping flooding the sniffing interface sounds like a good plan.
upvoted 0 times
...
...
Mireya
3 months ago
I think D) The sniffing interface cannot be detected makes sense, as it is completely unbound from the TCP/IP stack by default.
upvoted 0 times
...
Ranee
3 months ago
Option C is just silly. Setting your IP to the IDS and expecting it to knock you off? That's not how it works, come on!
upvoted 0 times
Jaime
2 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Chantay
2 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Arlene
3 months ago
D is probably the correct answer. The vendor likely designed the system to keep the sniffing interface hidden and undetectable.
upvoted 0 times
Kanisha
3 months ago
D) The sniffing interface cannot be detected.
upvoted 0 times
...
Stephaine
3 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Nikita
3 months ago
I'm not sure, but I think C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network could also work.
upvoted 0 times
...
Dierdre
3 months ago
I disagree, I believe the answer is B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Na
3 months ago
I'm going with Option B. If the IDS is configured as described, it should drop any attack traffic, which would be a clear sign of the sniffing interface.
upvoted 0 times
...
Chana
3 months ago
I think the answer is A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
Bette
4 months ago
Option A seems the most straightforward way to detect the sniffing interface. Sending a ping flood should reveal the latency in the responses, indicating the presence of the sniffing NIC.
upvoted 0 times
Bettina
2 months ago
C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
upvoted 0 times
...
Lettie
3 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Amber
3 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
