210-250 · Question #154
What phase of the TCP communication process is attacked during a TCP SYN flood attack?
The correct answer is A. three-way handshake. A TCP SYN flood attack targets the three-way handshake by sending masses of SYN packets without completing the connection, exhausting the server's half-open connection queue.
Question
What phase of the TCP communication process is attacked during a TCP SYN flood attack?
Options
- Athree-way handshake
- Bconnection established
- Cconnection closed
- Dconnection reset
How the community answered
(51 responses)- A94% (48)
- B2% (1)
- D4% (2)
Why each option
A TCP SYN flood attack targets the three-way handshake by sending masses of SYN packets without completing the connection, exhausting the server's half-open connection queue.
During the TCP three-way handshake, a server responds to each SYN with a SYN-ACK and allocates connection state while waiting for the final ACK. In a SYN flood, the attacker sends a high volume of SYN packets with spoofed source IPs and never sends the final ACK, filling the server's backlog queue with half-open connections until it is unable to accept any legitimate new connections.
The connection established phase occurs only after the three-way handshake completes successfully - SYN flood attacks prevent connections from ever reaching this state by exhausting the handshake backlog.
The connection closed phase involves FIN or RST packets to terminate an already fully established session, which is a separate mechanism unrelated to SYN flood attacks.
A connection reset uses RST packets to abruptly terminate an already-established TCP session, which is a different process from the SYN flood's exploitation of incomplete half-open connections.
Concept tested: TCP SYN flood attack targeting the three-way handshake
Source: https://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/13634-syn-flood.html
Topics
Community Discussion
No community discussion yet for this question.