GCIH Question #591: Real Exam Question with Answer & Explanation

The correct answer is D: Use netstat and look for many ports in the SYN_RECEIVED state.

Incident Response & Cyber Kill Chain

Question

How could you determine if your system is the victim of a SYN flood?

Options

  • A. Look for TCP traffic with the same source and destination IP address
  • B. Use netstat and look for many ports in the TIMED_OUT state
  • C. Use TCPDUMP and look for many ICMP ECHO REPLIES with no corresponding ICMP ECHO
  • D. Use netstat and look for many ports in the SYN_RECEIVED state

Explanation

A SYN flood will produce many half-open TCP connections: the target has received a SYN and replied with SYN-ACK, but the final ACK of the three-way handshake never arrives. You can view these connections by running netstat -an and looking for a large number of connections in the SYN_RECEIVED state (Linux netstat abbreviates this state as SYN_RECV; Windows shows SYN_RECEIVED).

Topics

SYN flood detection · netstat · SYN_RECEIVED state · DoS detection
