nerdexam
EC-Council

312-50V10 · Question #938

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers op

The correct answer is A. Slowloris attack. A Slowloris attack is a Layer 7 DoS technique that keeps web server connections open by sending partial HTTP requests, exhausting the server's connection pool.

Denial of Service

Question

A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?

Options

  • ASlowloris attack
  • BSession splicing
  • CPhlashing
  • DDesynchronization

How the community answered

(57 responses)
  • A
    88% (50)
  • B
    7% (4)
  • C
    4% (2)
  • D
    2% (1)

Why each option

A Slowloris attack is a Layer 7 DoS technique that keeps web server connections open by sending partial HTTP requests, exhausting the server's connection pool.

ASlowloris attackCorrect

Slowloris works by initiating many HTTP connections to a target server and sending partial request headers very slowly, causing the server to hold each connection open while waiting for the request to complete. Because the server's maximum concurrent connection limit becomes saturated by these never-completing requests, it becomes unavailable to legitimate users - all without requiring significant bandwidth from the attacker.

BSession splicing

Session splicing is an IDS/IPS evasion technique that fragments malicious payloads across multiple TCP packets to bypass signature detection, and is unrelated to exhausting server connections via partial HTTP requests.

CPhlashing

Phlashing is a permanent denial-of-service attack that corrupts a device's firmware to cause irreversible hardware damage, and has no relationship to HTTP request manipulation or web server resource exhaustion.

DDesynchronization

Desynchronization is a TCP session hijacking technique that injects forged packets to disrupt sequence number synchronization between two communicating hosts, not a method of holding server connections open via incomplete requests.

Concept tested: Slowloris Layer 7 partial HTTP DoS attack mechanism

Source: https://owasp.org/www-community/attacks/Slow_HTTP_Attack

Topics

#Slowloris#layer 7 DDoS#partial HTTP requests#application-layer attack

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice