ECCouncil Updated EC0-350 Exam Questions and Answers by leena

To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack.

When looking at an extracted LM hash, you will sometimes observe that the right most portion is always the same. This is padding that has been added to a password that is less than 8 characters long.

The LM hash is computed as follows.

1. The user’s password as an OEM string is converted to uppercase.

2. This password is either null-padded or truncated to 14 bytes.

3. The “fixed-length” password is split into two 7-byte halves.

4. These values are used to create two DES keys, one from each 7-byte half.

5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.

6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub. network.