ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 209 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 209
Topic #: 1
[All 312-50v13 Questions]

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

  • A. Blind hijacking
  • B. UDP hijacking
  • C. RST hijacking
  • D. TCP/IP hijacking
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by killwitch at March 18, 2025, 4:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
e30b32d
1 month, 1 week ago
Selected Answer: C
Here the keyword is "reset" and answer is RST hijacking
upvoted 1 times
...
KnightHeart
1 month, 1 week ago
Selected Answer: A
" a guessed acknowledgment number" mean it is a blind hijacking The attacker spoofed the source IP (making it “blind” to the victim’s actual traffic) and guessed the acknowledgment number to send an RST packet. This matches the definition of blind hijacking, where the attacker disrupts or injects data without direct visibility into the session.
upvoted 1 times
KnightHeart
1 month, 1 week ago
“RST hijacking” is not a standard term in cybersecurity. RST packets are used in TCP to reset connections, but the broader technique of using RST for disruption falls under session hijacking methods
upvoted 1 times
...
...
[Removed]
2 months, 2 weeks ago
Selected Answer: C
C. RST Hijacking This is a form of TCP session hijacking where the attacker sends a forged TCP RST (reset) packet to one or both ends of a connection, spoofing the IP and guessing the sequence/ack number to terminate the connection.
upvoted 1 times
...
killwitch
3 months, 2 weeks ago
Selected Answer: C
RST hijacking is an attack technique where an attacker injects a forged TCP Reset (RST) packet into an active session. This attack is effective because TCP connections rely on sequence and acknowledgment numbers for maintaining session integrity. In this scenario: - The attacker spoofed the source IP address to match one of the communicating parties. - The attacker guessed the acknowledgment number to make the injected RST packet appear legitimate. - As a result, the victim's connection was forcibly reset and terminated. This aligns precisely with RST hijacking, making it the most appropriate answer.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel