CompTIA Security+ Question J-25

Which of the following attacks involves the use of previously captured network traffic?

A. Replay
B. Smurf
C. Vishing

Answer: A

Replay attacks are becoming quite common. They occur when information is captured over a network. A replay attack is a kind of access or modification attack. In a distributed environment, logon and password information is sent between the client and the authentication system. The attacker can capture the information and replay it later. This can also occur with security certificates from systems such as Kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system and circumvent any time sensitivity. If this attack is successful, the attacker will have all of the rights and privileges from the original certificate. This is the primary reason that most certificates contain a unique session identifier and a time stamp. If the certificate has expired, it will be rejected and an entry should be made in a security log to notify system administrators.