Which term refers to a traffic-filtering feature in routers to protect TCP servers from a SYN-flooding attack?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which term refers to a traffic-filtering feature in routers to protect TCP servers from a SYN-flooding attack?

Explanation:
Defending a TCP server from a SYN flood often relies on a mechanism that sits in front of the server and filters or proxies connection attempts. This approach is TCP Intercept. It monitors incoming SYNs and acts as a proxy for the initial TCP handshake, limiting how many half-open connections the backend server must handle.

By intercepting or proxying these handshakes, the router can throttle or drop suspicious connections and only forward genuinely valid sessions to the server. For legitimate clients, once the handshake is successfully completed through the intercept mechanism, the router forwards the full connection to the server. This shields the server from being overwhelmed by a flood of half-open connections, which is the core idea behind mitigating SYN-flood attacks.

The other options aren’t protective features for a server under a SYN flood. HOIC and AnDOSid are tools used to launch DoS attacks, not to defend against them. Ingress filtering blocks spoofed IP addresses at the network edge, but it doesn’t provide targeted protection for a specific server against a flood of TCP connection attempts.
