Network Sniffer Attack

C.

The type of attack described in the scenario is a replay attack, which is option C.

A replay attack involves an attacker intercepting a legitimate transaction between two parties, recording the transaction data (e.g., packets), and then replaying that data at a later time to the same or a different target system. The objective of a replay attack is to impersonate the original sender or gain unauthorized access to a system or resource.

In this scenario, the attacker used a network sniffer to capture the packets of a legitimate transaction that added $20 to a gift card. The attacker then used a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This process can be repeated many times, allowing the attacker to continuously add funds to the gift card.

The other answer options do not fit the scenario as well as the replay attack does:

• An integer overflow attack (option A) involves manipulating arithmetic operations to cause a value to exceed its intended range or capacity. This does not apply to the scenario as the attack involves the replay of captured packets, not arithmetic operations.
• A Smurf attack (option B) is a type of Denial of Service (DoS) attack in which an attacker floods a target network with ICMP packets, causing congestion and disruption. This also does not apply to the scenario as the attack does not involve flooding a network with ICMP packets.
• A buffer overflow attack (option D) involves overwriting a buffer's boundary to cause a program to execute arbitrary code or crash. This does not apply to the scenario as the attack involves the replay of captured packets, not overwriting a buffer's boundary.
• A cross-site scripting (XSS) attack (option E) involves injecting malicious code into a web application to steal data or execute arbitrary code on the victim's machine. This does not apply to the scenario as the attack does not involve a web application or malicious code injection.