ECCouncil Updated EC0-350 Exam Questions and Answers by fern

-l forces netcat to listen for incoming connections.

-u tells netcat to use UDP instead of TCP

-p 5555 tells netcat to use port 5555

< /etc/passwd tells netcat to grab the /etc/passwd file when connected to.

-N = NON interactive mode (without ncurses)

-C = collect all users and passwords

-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the form "YYYYMMDD-collected-pass.log"

-z = start in silent mode (no arp storm on start up)

-s = IP BASED sniffing

--quiet = "demonize" ettercap. Useful if you want to log all data in background.

Explanations:

By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing.ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not an realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you.

Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.