Which flood type is described as masking multiple HTTP requests within one packet to remain undetected?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which flood type is described as masking multiple HTTP requests within one packet to remain undetected?

Explanation:
The type described works by hiding multiple HTTP requests inside a single session, using one connection to send a burst of requests rather than opening many separate ones. In a single-session HTTP flood, the attacker keeps the connection alive (often with HTTP keep-alive or pipelining) and streams multiple requests over that same session. To defenders, this can look like normal traffic from one user, so the flood isn’t as easily spotted by checks that count requests per separate connection or per IP. The server ends up processing a high number of requests, exhausting resources, even though the traffic appears to come from a single source and session. This differs from other techniques: a single-request flood sends limited requests per interaction and would be easy to spot by per-packet or per-request rate. A random recursive GET flood targets many resources in a more erratic pattern rather than packing multiple requests into one session. Slowloris keeps many connections open with partial headers to tie up server resources, not by multiplexing multiple requests in one packet.

The type described works by hiding multiple HTTP requests inside a single session, using one connection to send a burst of requests rather than opening many separate ones. In a single-session HTTP flood, the attacker keeps the connection alive (often with HTTP keep-alive or pipelining) and streams multiple requests over that same session. To defenders, this can look like normal traffic from one user, so the flood isn’t as easily spotted by checks that count requests per separate connection or per IP. The server ends up processing a high number of requests, exhausting resources, even though the traffic appears to come from a single source and session.

This differs from other techniques: a single-request flood sends limited requests per interaction and would be easy to spot by per-packet or per-request rate. A random recursive GET flood targets many resources in a more erratic pattern rather than packing multiple requests into one session. Slowloris keeps many connections open with partial headers to tie up server resources, not by multiplexing multiple requests in one packet.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy