An attacker used packet fragmentation and manipulated TCP sequence numbers to inject packets into an already-established remote administration session. Because the fragments individually looked benign, the perimeter firewall and basic signature-only IDS missed the intrusion. Which hardening action will best prevent similar network-level session hijacking attempts even when an attacker employs fragmentation or TTL tricks to evade traditional inspection devices?
Deploy an IDS/IPS that performs TCP stream reassembly and sequence-number anomaly detection before forwarding traffic
Move sensitive management hosts to a dedicated 802.1Q VLAN without changing any inspection settings
Increase the default Time-to-Live (TTL) value on all outbound packets to the maximum supported by routers
Rely on MAC address filtering at layer-2 switches to block unknown senders on the internal VLAN
Packet injection after a three-way handshake works only when devices on the path will forward spoofed segments that appear to belong to an existing flow. An IDS/IPS (or a modern stateful firewall) that performs full TCP stream reassembly and validates sequence numbers rebuilds the entire conversation in memory, discards overlapping or out-of-window segments, and flags duplicate/abnormal sequence patterns. Because the malicious fragments will not fit correctly into the reassembled stream, they are dropped or trigger an alert, stopping the hijack attempt despite fragmentation or TTL manipulation. Raising a default TTL, disabling routing, or segregating hosts with static VLANs does not in itself validate sequence numbers or defeat packet injection attacks.
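The reassembly and sequence-number checks described in the explanation above can be sketched as follows. This is an added example, not code from the original page; the class, function names, fixed window size and sample segments are all constructed for illustration, and only one direction of one flow is tracked.

```python
# Added illustration: one-direction TCP reassembly with sequence-number checks.
# Class, function and sample segments are constructed for this example.
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32


class StreamTracker:
    def __init__(self, isn, window=65535):
        self.base = (isn + 1) % MOD  # sequence number of the first payload byte
        self.window = window         # receive window the sensor assumes (simplification)
        self.stream = bytearray()    # contiguous bytes already reassembled
        self.pending = {}            # stream offset -> byte held beyond a gap

    def feed(self, seq, payload):
        """Return accept, buffer, retransmit, conflict or out_of_window."""
        off = (seq - self.base) % MOD  # wrap-safe offset (flows under 2 GiB)
        nxt = len(self.stream)         # offset of the next expected byte
        if off >= MOD // 2 or off + len(payload) > nxt + self.window:
            return "out_of_window"     # before the ISN or beyond the window
        known = [self.stream[p] if p < nxt else self.pending.get(p)
                 for p in range(off, off + len(payload))]
        if any(k is not None and k != b for k, b in zip(known, payload)):
            return "conflict"          # same sequence space, different bytes
        if None not in known:
            return "retransmit"        # exact duplicate of data already seen
        for i, b in enumerate(payload):
            self.pending.setdefault(off + i, b)
        while len(self.stream) in self.pending:  # deliver now-contiguous bytes
            self.stream.append(self.pending.pop(len(self.stream)))
        return "accept" if len(self.stream) > nxt else "buffer"


def classify(isn, segments):
    """Feed (seq, payload) pairs to a tracker; return verdicts and the stream."""
    tracker = StreamTracker(isn)
    return [tracker.feed(s, p) for s, p in segments], bytes(tracker.stream)


if __name__ == "__main__":
    sample = [                          # constructed segments, ISN = 1000
        (1001, b"show "),               # in order
        (1014, b"config\n"),            # arrives early, held until the gap fills
        (1006, b"running-"),            # fills the gap
        (1006, b"running-"),            # benign retransmission
        (1006, b"XXXXXXXX"),            # overlaps delivered data with other bytes
        (900000, b"x"),                 # far outside the window
    ]
    verdicts, stream = classify(1000, sample)
    for (seq, _), v in zip(sample, verdicts):
        print(seq, v)
    print(stream)
```

A production sensor would derive the window from observed ACKs and window advertisements and would reassemble IP fragments before this step; the "conflict" and "out_of_window" verdicts are the ones to drop or alert on.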
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking