Which attack creates a fake session by sending multiple SYN and multiple ACK packets along with one or more RST or FIN packets?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack creates a fake session by sending multiple SYN and multiple ACK packets along with one or more RST or FIN packets?

Explanation:
This question tests how a TCP session can be flooded with fake connections by manipulating the three-way handshake. In TCP, a connection starts when a client sends a SYN, the server replies with a SYN-ACK, and the client completes the handshake with an ACK. If an attacker forges source addresses, sends multiple SYNs, and then also sends matching ACKs (from those forged addresses) so the handshake appears to complete, the server ends up allocating resources for many fake, established sessions. Tossing in one or more RST or FIN packets can terminate some of these sessions or reset them, further exhausting server resources and keeping legitimate clients from establishing real connections. This combination, specific to spoofed SYN-ACKs that lead to fake sessions, is why the attack is described as multiple SYN-ACK spoofed sessions flood.

Context: while a simple SYN flood overwhelms the server with half-open connections by sending SYNs and not completing handshakes, this scenario involves completing handshakes with spoofed ACKs to create real-looking sessions. The HTTP GET attack targets application data, not the TCP handshake process, and a spoofed ACK flood lacks the initial SYN to establish those fake sessions, so it doesn't fit as well.
