978-0840020932 Chapter 7

Chapter 7: Spoofing

TRUE/FALSE

1. TCP/IP has a basic flaw that allows IP spoofing. This is due to the fact that trust and authentication have

an linear relationship.

2. A successful IP spoofing attack requires more than simply forging a single header. On the contrary, there

must be a complete, sustained dialogue between the machines for a minimum of five packets.

3. Identifying a trust relationship from your network to an outside machine is a passive activity.

4. The costs to the victims of successful spoofing attacks are tied to the amount of information that was

copied and the sensitivity of the data.

5. Arpspoof, part of the Ettercap suite, can be used to spoof ARP tables.

MULTIPLE CHOICE

1. ____ can be define as misrepresenting the sender of a message (e-mail, IM, letter, resume, etc.) in a way

that causes the human recipient to behave a certain way.

a.

Hijacking

c.

Spoofing

b.

Skipjacking

d.

Poisoning

2. ____ takes care of the transport between machines. But it is unreliable, and there is no guarantee that any

given packet will arrive unscathed.

a.

TCP

c.

ARP

b.

IP

d.

RIP

3. ____ loss is a loss of, or the untimely publication of, strategic data that outlines events planned for the

future.

a.

Strategic

c.

General data

b.

Economic

d.

Position

4. A(n) ____ stores the IP address and the corresponding Media Access Control (MAC) address of the

computer that would be notified to send data.

a.

IP table

c.

MAC table

b.

TCP table

d.

ARP table

5. When a hacker spoofs an IP address through a Web site, it is known as ____ spoofing.

a.

ARP

c.

IP

b.

Web

d.

active

COMPLETION

1. ____________________ can be defined as a sophisticated way to authenticate one machine to another

by using forged packets.

2. At the heart of internetworked systems are two critical issues: trust and ____________________.

3. ____________________ is any kind of spoofing where only one side of the relationship under attack is

in view.

4. In ____________________, the hacker can see both parties, observe the responses from the target

computer, and respond accordingly.

5. Modifying the Address Resolution Protocol (ARP) table for hacking purposes is called

____________________.

SHORT ANSWER

1. How can a computer be authenticated?

2. What are the steps to spoof a trusted machine relationship?

3. Briefly describe the main characteristics of economic loss as a result of a spoofing attack.

4. What are the main categories of spoofing?

5. How does DNS spoofing work?