B.

netstat, ps, top

Explanation:
The easiest programs to trojan and the smartest ones to trojan are ones commonly run by
administrators and users, in this case netstat, ps, and top, for a complete list of commonly
trojaned and rootkited software please reference this URL:
http://www.usenix.org/publications/login/1999-9/features/rootkits.html

D.

 Implement RSA SecureID based authentication system

A.

John the Ripper can be used to crack a variety of passwords, but one limitation is that
the output doesn't show if the password is upper or lower case.

C.

 SYSKEY is an effective countermeasure.

E.

 Enforcing Windows complex passwords is an effective countermeasure.

Explanation: Explanations:
John the Ripper can be used to crack a variety of passwords, but one limitation is that the
output doesn't show if the password is upper or lower case. John the Ripper is a very
effective password cracker. It can crack passwords for many different types of operating
systems. However, one limitation is that the output doesn't show if the password is upper or
lower case. BY using NTLMV1, you have implemented an effective countermeasure to
password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password
cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to
"send NTLMv2 responses only". SYSKEY is an effective countermeasure. It uses 128 bit
encryption on the local copy of the Windows SAM. If a Windows LM password is 7
characters or less, the has will be passed with the following characters:
0xAAD3B435B51404EE
Enforcing Windows complex passwords is an effective countermeasure to password
cracking. Complex passwords are- greater than 6 characters and have any 3 of the
following 4 items: upper case, lower case, special characters, and numbers.

C.

This command will detach from console and log all the collected passwords from the
network to a file.

Explanation:
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the password sniffed in the session in
the form "YYYYMMDD-collected-pass.log"
-z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
-quiet = "demonize" ettercap. Useful if you want to log all data in background.

A.

Session Hijacking attacks

Explanation: The term Session Hijacking refers to the exploitation of a valid computer
session - sometimes also called a session key - to gain unauthorised access to information
or services in a computer system. In particular, it is used to refer to the theft of a magic
cookie used to authenticate a user to a remote server. It has particular relevance to web
developers, as the HTTP cookies used to maintain a session on many web sites can be
easily stolen by an attacker using an intermediary computer or with access to the saved
cookies on the victim's computer.

B.

 Null Scan

Explanation:
The types of port connections supported are:
TCP Full Connect. This mode makes a full connection to the target's TCP ports
and can save any data or banners returned from the target. This mode is the most
accurate for determining TCP services, but it is also easily recognized by Intrusion
Detection Systems (IDS).
UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to
the target's UDP ports and looks for an ICMP Port Unreachable message in return.
The absence of that message indicates either the port is used, or the target does
not return the ICMP message which can lead to false positives. It can save any
data or banners returned from the target. This mode is also easily recognized by
IDS.
TCP Full/UDP ICMP Combined. This mode combines the previous two modes into
one operation.
TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet
to the target port and listens for the appropriate response. Open ports respond
with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is
less likely to be noted by IDS, but since the connection is never fully completed, it
cannot gather data or banner information. However, the attacker has full control
over TTL, Source Port, MTU, Sequence number, and Window parameters in the
SYN packet.
TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any
combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port
and listens for the response. Again, the attacker can have full control over TTL,
Source Port, MTU, Sequence number, and Window parameters in the custom TCP
packet. The Analyze feature helps with analyzing the response based on the flag
settings chosen. Each operating system responds differently to these special
combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag
settings.

A.

DNS Lookup

C.

Ping

D.

  Reverse DNS lookup

Explanation: Nmap performs four steps during a normal device scan. Some of these steps
can be modified or disabled using options on the nmap command line.
If a hostname is used as a remote device specification, nmap will perform a DNS
lookup prior to the scan.
Nmap pings the remote device. This refers to the nmap "ping" process, not
(necessarily) a traditional ICMP echo request.
If an IP address is specified as the remote device, nmap will perform a reverse
DNS lookup in an effort to identify a name that might be associated with the IP
address. This is the opposite process of what happens in step 1, where an IP
address is found from a hostname specification.
Nmap executes the scan. Once the scan is over, this four-step process is
completed. Except for the actual scan process in step four, each of these steps
can be disabled or prevented using different IP addressing or nmap options. The
nmap process can be as "quiet" or as "loud" as necessary!

C.

  Lynx

Explanation: Lynx is a program used to browse the World Wide Web, which works on
simple text terminals, rather than requiring a graphical computer display terminal.