Which attack uses a flood of fragmented packets to prevent proper reassembly and reduce throughput?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack uses a flood of fragmented packets to prevent proper reassembly and reduce throughput?

Explanation:
When a system receives fragmented IP packets, it must hold the fragments in memory and reassemble them into complete packets before passing them to higher layers. Flooding a target with a large volume of fragments, especially overlapping or mismatched fragments, can quickly fill the reassembly buffers and force the host to spend significant CPU time trying to piece fragments back together. Once those reassembly resources are exhausted, legitimate fragments are dropped, connections time out, and throughput drops significantly. That degradation in normal traffic is the hallmark of a fragmentation attack.

Other floods described target different resources or behaviors. A flood of TCP SYN packets aims to exhaust the server’s or firewall’s connection-tracking state by initiating many half-open connections. A flood of SYN-ACKs overwhelms the responder with synchronization replies. A spoofed-session flood creates or manipulates sessions through spoofed responses. None of these primarily exploits IP fragment reassembly resources, so they don’t produce the same fragmentation-based throughput degradation.
