I got this question at a job interview, but I did not know the answer. I think t

Question

I got this question at a job interview, but I did not know the answer. I think they expected some shell command or packages, which can help react to the attack. Assume that, you are a system admin and you work for the Nokia Networks. This server store customers details and communicate with them when a customer want to report a problem or bug through the global and 2 internal networks. The attackers are using DNS-poison and they can also start the attack from the internal network, but these details were not specified. I know it could be a linux question, but actually it is connecting to the IT security too.

Explanation / Answer

If you notice that someone is actively man-in-the-middling a server the first thing you should do is inform your incident response/security team.

They should decide on mitigating controls, that's their task. It's highly dependable on what technology is being MiTM and in what way. It also depends largely on where the MiTM is occuring. Aside from re-adjusting routes to go across another network, there's not much you can do.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.