Eccouncil 312-50 Exam - Topic 8 Question 111 Discussion

Actual exam question for Eccouncil's 312-50 exam

Question #: 111
Topic #: 8

Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company.

While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?

ARST Hijacking

BMan-in-the-middle Attack Using Forged ICMP and ARP Spoofing

CUDP Hijacking

DTCP/IP Hijacking
Explanation:
A man-in-the-middle attack using forged ICMP and ARP spoofing is a type of network-level session hijacking attack where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets and intercept or modify the data exchanged between the client and the server.
A man-in-the-middle attack using forged ICMP and ARP spoofing works as follows1:
The attacker sends a forged ICMP redirect message to the client, claiming to be the gateway. The ICMP redirect message tells the client to use the attacker's machine as the next hop for reaching the server's network. The client updates its routing table accordingly and starts sending packets to the attacker's machine instead of the gateway.
The attacker also sends a forged ARP reply message to the client, claiming to be the server. The ARP reply message associates the attacker's MAC address with the server's IP address. The client updates its ARP cache accordingly and starts sending packets to the attacker's MAC address instead of the server's MAC address.
The attacker receives the packets from the client and forwards them to the server, acting as a relay. The attacker can also monitor, modify, or drop the packets as they wish. The server responds to the packets and sends them back to the attacker, who then forwards them to the client. The client and the server are unaware of the attacker's presence and think they are communicating directly with each other.
Therefore, Jake is studying a man-in-the-middle attack using forged ICMP and ARP spoofing, which is a type of network-level session hijacking attack.

Show Suggested Answer

Suggested Answer: B

Network or TCP Session Hijacking | Ethical Hacking - GreyCampus

by Nathan at Aug 18, 2025, 01:46 AM

Limited Time Offer

25%

Off

Get Premium 312-50 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Teddy

5 months ago

Are we sure this is the right answer? Seems too complicated.

upvoted 0 times

...

Ronny

5 months ago

Totally agree, this is a sneaky technique!

upvoted 0 times

...

Nida

5 months ago

Wow, I had no idea ARP spoofing was so effective!

upvoted 0 times

...

Shawnda

5 months ago

I thought RST hijacking was more common for this?

upvoted 0 times

...

Elke

6 months ago

That's definitely a man-in-the-middle attack!

upvoted 0 times

...

Marcos

6 months ago

The way the attacker reroutes packets sounds exactly like the man-in-the-middle attack. I’m pretty confident that’s the right answer here.

upvoted 0 times

...

Elke

6 months ago

I’m a bit confused about the differences between UDP Hijacking and the other types. I feel like I need to revisit those concepts.

upvoted 0 times

...

Micaela

7 months ago

I think the man-in-the-middle attack using ARP spoofing fits the description best. I practiced a question like this in our last review session.

upvoted 0 times

...

Lettie

7 months ago

I remember studying session hijacking, but I’m not completely sure if it’s RST Hijacking or the man-in-the-middle attack. They both seem similar.

upvoted 0 times

...

Una

7 months ago

Based on the details provided, I think the answer is B. The attacker is using forged ICMP and ARP messages to redirect the traffic through their machine, which matches the description of a man-in-the-middle attack.

upvoted 0 times

...

Teddy

7 months ago

Hmm, the wording about "making it seem like the packets are flowing through the original path" is a bit confusing. I'll need to re-read that part carefully to make sure I'm not missing anything.

upvoted 0 times

...

Glenna

7 months ago

I've seen this type of attack before, so I'm confident I can identify the correct answer. The description of the attacker rerouting the packets through their machine is a clear sign of a man-in-the-middle attack.

upvoted 0 times

...

Pansy

8 months ago

Okay, let me think this through step-by-step. The key is understanding how the attacker inserts their machine into the communication path between the client and server.

upvoted 0 times

...