Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?
Correct Answer: A
Blind spoofing is a type of network attack that involves sending packets with a forged source IP address to a target system, without knowing the sequence number or acknowledgment number expected by the target system. The attacker hopes to guess the correct numbers and establish a connection with the target system, or cause a denial-of-service (DoS) attack by exhausting the target system's resources.
Blind spoofing can be prevented by implementing an internet-facing router that is baselined/hardened according to approved configurations and settings. A baselined/hardened router is a router that has been configured with the minimum necessary services, protocols, and ports, and has been updated with the latest patches and security measures. A baselined/hardened router can filter out spoofed packets by checking the source IP address against a list of trusted or authorized addresses, or by using techniques such as ingress filtering, egress filtering, or reverse path forwarding.
Media Access Control (MAC) flooding, SQL injection (SQLI), and ransomware are not attacks that can be prevented by implementing a baselined/hardened internet-facing router.
MAC flooding is a type of attack that targets the switch's MAC address table by sending a large number of frames with different source MAC addresses, causing the switch to overflow its table and act as a hub, broadcasting all frames to all ports. SQL injection is a type of attack that targets the web application's database by injecting malicious SQL statements into the user input, causing the database to execute unauthorized commands or reveal sensitive data. Ransomware is a type of malware that encrypts the victim's files or locks the victim's system, and demands a ransom for the decryption key or the unlock code.
References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 4, Communication and Network Security, page 365. CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4, Communication and Network Security, page 331.
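The ingress filtering and reverse path forwarding checks named in the explanation can be modelled in a few lines. This is an added example, not part of the original explanation or any vendor's implementation; the interface names, forwarding table, and sample addresses are constructed assumptions.

```python
import ipaddress

WAN = "wan0"  # internet-facing interface (hypothetical name)

# Constructed forwarding table for a hypothetical edge router: prefix -> interface.
FIB = {
    "0.0.0.0/0": WAN,             # default route to the upstream provider
    "198.51.100.0/24": "lan0",    # internal public block (documentation range)
    "10.20.0.0/16": "lan0",       # internal private block
}
# Source ranges that should never arrive from the internet (partial bogon list).
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
          "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3"]

_fib = [(ipaddress.ip_network(p), i) for p, i in FIB.items()]
_bogons = [ipaddress.ip_network(b) for b in BOGONS]


def reverse_path_interface(src):
    """Interface the router would use to reach src (longest-prefix match)."""
    matches = [(net, iface) for net, iface in _fib if src in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def filter_packet(src_ip, in_iface):
    """Return 'accept' or a drop reason for a packet seen on in_iface."""
    src = ipaddress.ip_address(src_ip)
    # Ingress filter: private or reserved sources are invalid on the WAN side.
    if in_iface == WAN and any(src in net for net in _bogons):
        return "drop-ingress-bogon"
    # Strict reverse path check: the route back to the source must use the
    # interface the packet arrived on. On lan0 this acts as egress filtering.
    if reverse_path_interface(src) != in_iface:
        return "drop-urpf"
    return "accept"


if __name__ == "__main__":
    # Constructed sample packets: (source address, arrival interface).
    samples = [("203.0.113.7", "wan0"), ("198.51.100.10", "wan0"),
               ("10.20.5.5", "wan0"), ("203.0.113.7", "lan0"),
               ("198.51.100.10", "lan0")]
    for src, iface in samples:
        print(f"{src:<15} on {iface}: {filter_packet(src, iface)}")
```

Strict reverse path forwarding rejects packets that claim an internal or unroutable source, but it cannot tell whether an external source arriving on the interface its route points to is genuine, so the first sample is accepted either way.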