Which attack sends HTTP requests with complete headers but an incomplete message body, causing the server to wait for the rest of the data?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack sends HTTP requests with complete headers but an incomplete message body, causing the server to wait for the rest of the data?

Explanation:
The attack leverages how HTTP POST messages include a body. In a POST, the client sends a header that specifies the size of the body (Content-Length) and then sends the body data. If the attacker sends the headers indicating a large or specific body size but then doesn’t send the body (or sends it very slowly), the server will wait for that data to arrive. This keeps the connection open and ties up server resources (threads or processes) while awaiting the rest of the data, which can exhaust the server and cause denial of service. That behavior is characteristic of an HTTP POST attack, since it targets the body portion that accompanies POST requests.

In contrast, a typical HTTP GET request usually has no body, so there’s nothing for the server to wait for; TCP-level ACK flood attacks operate on the transport layer rather than the HTTP payload, and fragmentation attacks exploit IP packet fragmentation rather than the HTTP message structure.
