Which attack type exploits the second stage of the TCP three-way handshake by sending numerous SYN-ACK packets to exhaust server resources?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack type exploits the second stage of the TCP three-way handshake by sending numerous SYN-ACK packets to exhaust server resources?

Explanation:
The attack hinges on the TCP handshake stage where the server has already replied with a SYN-ACK and is waiting for the final ACK from the client. In a SYN-ACK flood, the attacker overwhelms the target by causing a large number of SYN-ACK responses to be sent, typically by using spoofed client addresses. Each SYN received by the server triggers state to be allocated for a half-open connection until the final ACK arrives. If many such SYN-ACKs are sent and no corresponding ACKs come, the server’s backlog or connection-tracking resources fill up, preventing legitimate clients from establishing new connections.

This directly targets the second stage of the handshake—the server’s SYN-ACK—making it the best fit. The other options describe different ideas: a fragmentation attack exploits IP fragmentation, a standard SYN flood targets the initial SYN message, and a variant described as a spoofed session flood is less specific in how it phrases the second-stage flood.
