Unauthorized Switch Attack | CompTIA Network+ Exam N10-007

Unauthorized Switch Attack


Question

An attacker has flooded the hardware tables of a switch to forward traffic to the attacker's IP address rather than the default router.

The traffic received is copied in real time, and then forwarded to the default router transparently from the end-user perspective.

Which of the following attacks are occurring in this scenario? (Choose two.)

A. DNS poisoning

B. ARP poisoning

C. Man-in-the-middle

D. Ransomware

E. Evil twin

F. Reflective

Answer: BC.

Explanations

The scenario described in the question involves an attacker who has flooded the hardware tables of a switch. This can be done by sending a large number of forged Address Resolution Protocol (ARP) packets to the switch, causing it to add incorrect entries to its MAC address table. This technique is known as ARP poisoning or ARP spoofing.

As a result of ARP poisoning, the switch will forward traffic to the attacker's IP address instead of the intended destination. The attacker can then intercept and analyze this traffic in real time before forwarding it to the default router, which makes the attack transparent from the end-user perspective.

Therefore, the first attack occurring in this scenario is ARP poisoning (option B). This attack is commonly used to launch Man-in-the-Middle (MitM) attacks, which allow the attacker to intercept, modify, or inject traffic between two parties without their knowledge.

The second attack occurring in this scenario is MitM (option C). By intercepting and analyzing the traffic, the attacker can potentially steal sensitive information, such as passwords or credit card numbers, or modify the traffic to inject malware or other malicious payloads.
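From the defender's side, the redirection described above shows up as the default router's IP address suddenly resolving to a different MAC address. The following is an added example, not part of the original page: a small detector run over constructed ARP reply observations. The line format, the addresses, and the names `parse`, `detect`, and `pinned_gateway_mac` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: "<seconds> <sender IP> is-at <sender MAC>".
SAMPLE = """\
0.0 192.168.1.1 is-at 00:11:22:33:44:55
1.0 192.168.1.20 is-at aa:bb:cc:00:00:20
5.0 192.168.1.66 is-at de:ad:be:ef:00:66
9.0 192.168.1.1 is-at de:ad:be:ef:00:66
9.5 192.168.1.1 is-at de:ad:be:ef:00:66
10.0 192.168.1.1 is-at de:ad:be:ef:00:66
30.0 192.168.1.1 is-at 00:11:22:33:44:55
"""

def parse(text):
    """Yield (time, ip, mac) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "is-at":
            yield float(parts[0]), parts[1], parts[3].lower()

def detect(text, gateway_ip, pinned_gateway_mac=None):
    """Return deduplicated (time, kind, ip, mac) alerts for ARP-poisoning symptoms."""
    pinned = pinned_gateway_mac.lower() if pinned_gateway_mac else None
    ip_to_mac = {gateway_ip: pinned} if pinned else {}
    mac_to_ips = defaultdict(set)
    seen, alerts = set(), []

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in seen:
            seen.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for ts, ip, mac in parse(text):
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alert(ts, "GATEWAY_REBIND" if ip == gateway_ip else "IP_REBIND", ip, mac)
        if not (ip == gateway_ip and pinned):
            ip_to_mac[ip] = mac  # learn or update unless the binding is pinned
        mac_to_ips[mac].add(ip)
        # One MAC answering for the gateway and another host is the relay pattern
        # (it can also be legitimate proxy ARP or a multi-address interface).
        if gateway_ip in mac_to_ips[mac] and len(mac_to_ips[mac]) > 1:
            alert(ts, "MAC_CLAIMS_GATEWAY_AND_HOST", gateway_ip, mac)
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE, "192.168.1.1", "00:11:22:33:44:55"):
        print(a)
```

Pinning the router's known MAC address keeps the trusted binding from being overwritten, so every conflicting reply is compared against the real value rather than the last one seen.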

The other options listed in the question are not relevant to the scenario described:

  • DNS poisoning (option A) involves modifying the DNS cache of a device or network to redirect traffic to a malicious website or IP address.
  • Ransomware (option D) is a type of malware that encrypts files or systems and demands payment in exchange for the decryption key.
  • Evil twin (option E) involves setting up a fake wireless access point (AP) to intercept and analyze traffic from legitimate users.
  • Reflective (option F) is not a known attack term in the context of networking or cybersecurity.