Which attack constructs a fake session by omitting the initial SYN and using only multiple ACK packets with RST or FIN packets?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack constructs a fake session by omitting the initial SYN and using only multiple ACK packets with RST or FIN packets?

Explanation:
This question hinges on how TCP sessions are tracked and how an attacker can exhaust a server’s resources without starting a normal connection. In TCP, establishing a connection normally begins with a SYN, then a SYN-ACK, and finally an ACK to complete the three-way handshake. If an attacker floods the target with spoofed ACK packets, sometimes with RST or FIN flags, the server may try to establish or maintain many fake sessions based on those ACKs. The server ends up allocating state and resources for each of these pretend connections, only to be overwhelmed as the flood continues. Since the initial SYN is omitted, this isn’t a standard SYN flood, but a flood of spoofed ACKs to create or consume session-tracking state. That specific behavior fits a Multiple ACK Spoofed Session Flood Attack best. The other options don’t match this pattern: a SYN flood overwhelms the server with SYNs to exhaust the backlog; a fragmentation attack exploits IP fragmentation issues; an HTTP POST attack targets application-level endpoints with POST data.

This question hinges on how TCP sessions are tracked and how an attacker can exhaust a server’s resources without starting a normal connection. In TCP, establishing a connection normally begins with a SYN, then a SYN-ACK, and finally an ACK to complete the three-way handshake. If an attacker floods the target with spoofed ACK packets, sometimes with RST or FIN flags, the server may try to establish or maintain many fake sessions based on those ACKs. The server ends up allocating state and resources for each of these pretend connections, only to be overwhelmed as the flood continues. Since the initial SYN is omitted, this isn’t a standard SYN flood, but a flood of spoofed ACKs to create or consume session-tracking state. That specific behavior fits a Multiple ACK Spoofed Session Flood Attack best.

The other options don’t match this pattern: a SYN flood overwhelms the server with SYNs to exhaust the backlog; a fragmentation attack exploits IP fragmentation issues; an HTTP POST attack targets application-level endpoints with POST data.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy