312-50V13 · Question #156
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then
The correct answer is B. Attacker floods TCP SYN packets with random source addresses towards a victim host. A TCP SYN attack exploits the three-way handshake by flooding a target with SYN packets from spoofed source IP addresses, causing the target's connection queue to fill up while waiting for non-existent ACKs.
Question
Options
- AAttacker generates TCP SYN packets with random destination addresses towards a victim host
- BAttacker floods TCP SYN packets with random source addresses towards a victim host
- CAttacker generates TCP ACK packets with random source addresses towards a victim host
- DAttacker generates TCP RST packets with random source addresses towards a victim host
How the community answered
(32 responses)- A16% (5)
- B72% (23)
- C3% (1)
- D9% (3)
Why each option
A TCP SYN attack exploits the three-way handshake by flooding a target with SYN packets from spoofed source IP addresses, causing the target's connection queue to fill up while waiting for non-existent ACKs.
Generating TCP SYN packets with random *destination* addresses would spread the attack across many potential targets, rather than focusing on overwhelming a single victim's connection queue effectively.
An attacker launches a TCP SYN flood by sending numerous SYN packets to the victim server, each with a spoofed or random source IP address. This causes the victim to respond with a SYN-ACK to a non-existent host and allocate resources in its connection queue while waiting for a final ACK that will never arrive, eventually exhausting the queue and denying legitimate connections.
Generating TCP ACK packets from random source addresses would not initiate connections or fill the SYN queue, as ACK packets are part of an already established or expected connection, and systems typically drop ACKs without a prior SYN.
Generating TCP RST packets would terminate existing connections, not exploit the SYN queue or initiate a denial-of-service attack based on the three-way handshake.
Concept tested: TCP SYN Flood attack
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/ddos-protection-overview
Topics
Community Discussion
No community discussion yet for this question.