Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM Exam CPEH-001 Topic 6 Question 95 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 95
Topic #: 6
[All CPEH-001 Questions]

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

Show Suggested Answer Hide Answer
Suggested Answer: D

When a Nic is set to Promiscuous mode it just blindly takes whatever comes through to it network interface and sends it to the Application layer. This is why they are so hard to detect. Actually you could use ARP requests and Send them to every pc and the one which responds to all the requests can be identified as a NIC on Promiscuous mode and there are some very special programs that can do this for you. But considering the alternatives in the question the right answer has to be that the interface cannot be detected.


by Portia at Aug 24, 2024, 06:10 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Brett
10 months ago
Haha, Option C is like something out of a cartoon. 'I'm the IDS, and I'm going to knock myself off the network!' Good one!
upvoted 0 times
Vincenza
9 months ago
Lisandra: That's true, using a ping flood could be effective.
upvoted 0 times
...
Antonio
9 months ago
I think Option A might be a more practical approach to detect the sniffing interface.
upvoted 0 times
...
Lisandra
9 months ago
Yeah, it does seem a bit unrealistic.
upvoted 0 times
...
Golda
9 months ago
Option C does sound pretty funny, like a cartoon!
upvoted 0 times
...
...
Howard
10 months ago
I'm going to have to go with Option A. Ping flooding the sniffing interface seems like the most reliable way to expose its existence.
upvoted 0 times
Jeffrey
9 months ago
Yeah, I would also choose Option A. It's a smart way to expose its existence.
upvoted 0 times
...
Jutta
10 months ago
Agreed, it seems like the most reliable way to detect the sniffing interface.
upvoted 0 times
...
Roslyn
10 months ago
I think Option A is the way to go. Ping flooding the sniffing interface sounds like a good plan.
upvoted 0 times
...
...
Mireya
10 months ago
I think D) The sniffing interface cannot be detected makes sense, as it is completely unbound from the TCP/IP stack by default.
upvoted 0 times
...
Ranee
10 months ago
Option C is just silly. Setting your IP to the IDS and expecting it to knock you off? That's not how it works, come on!
upvoted 0 times
Jaime
10 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Chantay
10 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Arlene
11 months ago
D is probably the correct answer. The vendor likely designed the system to keep the sniffing interface hidden and undetectable.
upvoted 0 times
Kanisha
10 months ago
D) The sniffing interface cannot be detected.
upvoted 0 times
...
Stephaine
10 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Nikita
11 months ago
I'm not sure, but I think C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network could also work.
upvoted 0 times
...
Dierdre
11 months ago
I disagree, I believe the answer is B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Na
11 months ago
I'm going with Option B. If the IDS is configured as described, it should drop any attack traffic, which would be a clear sign of the sniffing interface.
upvoted 0 times
...
Chana
11 months ago
I think the answer is A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
Bette
11 months ago
Option A seems the most straightforward way to detect the sniffing interface. Sending a ping flood should reveal the latency in the responses, indicating the presence of the sniffing NIC.
upvoted 0 times
Bettina
10 months ago
C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
upvoted 0 times
...
Lettie
11 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Amber
11 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...

Save Cancel