|
Title: SYN Flooding DOS Attack Post by: Manu Zacharia (-M-) on July 07, 2006, 12:55:02 PM Hi Friends,
I am posting more questions that I have faced during my course. Please discuss the same. The next question is: Quote What TCP/IP Vulnerability does the SYN Flooding DOS Attack exploit? 1. There is no limit to the number of connections possible on a host. 2. Connection Establishment is a very cumbersome process. 3. There are an unlimited number of IP addresses possible. 4. The target computer has limited bandwidth. 5. TCP/IP cannot handle SYN data packets. Regards, The Morpheus Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: Dengar13 on July 07, 2006, 01:59:42 PM What do you think the answer is?
Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: Negrita on July 07, 2006, 03:05:08 PM Dengar is right. We aren't here to do your homework for you. If you're going to post questions you may at the very least post which answer you think is corect and why. I'm sure that the members here will be more than obliging in correcting you if you make a mistake.
BTW, I'd go for answer no. 2. This question is very easy and deals with basic understanding of TCP/IP. If you don't feel comfortable with the study material perhaps you should defer your exam until you've done some revision. Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: pcsneaker on July 08, 2006, 04:34:49 AM The only answer which would make at least a bit sense is 4. - DOS attacks always deals with limited resources but SynFlooding is not really using bandwith but the limited capability of a host to handle connections.
I would say all these answers are a bit odd... Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: ChrisG on July 30, 2006, 09:51:38 PM either 2 or 4, i would probably choose 2 since a SYN Flood has nothing to do with a host's bandwidth per say but is an attack on the OS to keep up with the SYN requests and the ACK's back. but i could see 4 being an option that could be considered correct depending on how you look at it.
crappyily worded question either way Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: Hug_It on July 31, 2006, 02:01:33 PM It is poorly written but that's common to a lot of testing questions. CISSP comes to mind. =)
Are they saying it's a vulnerability in the TCP/IP standard or how different OSes implement it in their stacks? An arguement could be made that the answer is 1. Being the standard doesn't limit the number of connections that can be attempted to a host, this allows for SYN packets to overload the stack. Title: Re: SYN Flooding DOS Attack - AFCEH Question Post by: oleDB on July 31, 2006, 02:14:17 PM I would have to say the answer is 4.
The TCP connection process isn't cumbersome SYN/SYNACK/ACK, thats it. Yeah its not a simple as UDP, but really its not "cumbersome" for an enduser in anyway. Question 4 states bandwidth, however doesn't specifically say network bandwidth. While not completely generic you could interpret that in several ways. In the broadest sense, a given computer only has enough bandwidth to support so many half open connections before it can't take anymore. I would also tend to believe that network bandwidth is directly relevant, as an attacking computer with huge pipe, will overwhelm a target machine with smaller pipe very easily, even though it doesn't take that many packets to create a SYN flood condition.
Powered by SMF 1.1.7 |
SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com |