What is the consequence of an IDS stopping reassembly during a session splicing attack?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What is the consequence of an IDS stopping reassembly during a session splicing attack?

Explanation:
An IDS needs reassembly to see the complete payload of fragmented packets and understand the full context of a session. In a session splicing attack, fragments are manipulated, and without reassembly the IDS can’t piece the stream together to spot the malicious content. If reassembly is stopped, the IDS can’t recognize the attack, so there’s no log of the intrusion. In other words, the event goes undetected and leaves no audit record. The other outcomes assume the IDS actively detects or responds to the attack, which isn’t possible when it isn’t reassembling fragments.

