The technique described is RST hijacking because the attacker sends spoofed TCP packets with the RST (reset) flag to forcibly terminate established TCP sessions. In TCP, an RST packet is used to immediately abort a connection. If an attacker can craft packets that appear to belong to an existing session (matching the 4-tuple and using plausible sequence/acknowledgment values), the receiving endpoint may accept the reset and tear down the connection. This creates disruption—sessions drop, users are disconnected, and applications experience errors—without the attacker needing to fully take over the session or inject meaningful application data.
The scenario matches this exactly: “spoofed TCP packets carrying the reset flag,” followed by “active sessions…abruptly terminated.” That is the hallmark outcome of RST-based session disruption. It is often used as a demonstration of how fragile sessions can be when attackers can spoof traffic within a path (or on the same network segment) and when defensive controls do not validate or protect sessions adequately.
Why the other options are incorrect:
UDP hijacking (A) doesn’t apply because UDP is connectionless and has no RST flag or session teardown mechanism like TCP.
Blind hijacking (C) refers to injecting traffic without seeing responses (guessing sequence numbers), but the specific mechanism asked here is the reset-flag termination; “blind” could be a property of how it’s done, not the named technique.
TCP/IP hijacking (D) is a broader category that includes multiple methods of taking over or manipulating TCP sessions. The question is specifically about using RST packets to kill sessions, which is most precisely called RST hijacking.
Therefore, the correct answer is B. RST Hijacking.
