A SYN flood attack is a type of Denial-of-Service (DoS) attack that exploits the TCP (Transmission Control Protocol) handshake process to overwhelm and exhaust the resources of a target server or network.
In a typical TCP handshake, when a client initiates a connection with a server, it sends a SYN (synchronize) packet to the server. The server responds with a SYN-ACK (synchronize-acknowledge) packet, and the client completes the connection establishment by sending an ACK (acknowledge) packet back to the server. Once the handshake is complete, data can be exchanged between the client and server.
In a SYN flood attack, the attacker sends a large number of SYN packets to the target server but does not respond to the SYN-ACK packets sent by the server. As a result, the target server keeps waiting for the final ACK packet to complete the connection, and these half-open connections consume server resources such as memory and processing power.
The attacker overwhelms the server with a high volume of half-open connections, causing it to become unresponsive to legitimate client requests. This results in a denial of service, as the server is unable to handle new connections from legitimate users.
To mitigate SYN flood attacks, various techniques can be employed, including implementing SYN cookies, rate limiting SYN requests, using firewalls and load balancers, and employing dedicated DDoS protection solutions. These measures help to prevent the exhaustion of server resources and ensure the server can continue to serve legitimate users despite the attack.
Once you realize the destination IP and port are on the left, the answer is easier to understand. Multiple source ports trying to connect to the same destination IP and port means DoS.
I agree with answer C, but the source IPs are on the left and the destinations are on the right.
It's a SYN flood attack, also known as a half-open attack. The ports of the server are in TIME_WAIT status because someone has started a three-way handshake connection on each port and the ports are now waiting for an acknowledgment. Unfortunately, the ports will never get this acknowledgment, because the attacker wants these ports to be kept in a waiting status so that they are not able to respond to any other task.
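The pattern discussed in this thread (many source endpoints with unfinished handshakes against one destination IP and port) can be checked for in `netstat -ant` output, where Linux lists half-open connections in the `SYN_RECV` state. The following Python is an added example, not part of the original question or comments; the sample lines are constructed with documentation-range addresses and the threshold is an assumed tuning value.

```python
from collections import defaultdict

# Constructed sample in `netstat -ant` column layout (not real capture data).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:443 198.51.100.7:41001 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.7:41002 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.8:52210 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.9:33871 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.4:60112 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.5:60113 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.20:50500 ESTABLISHED
tcp 0 0 192.0.2.10:22 203.0.113.20:50622 SYN_RECV
"""


def half_open_by_listener(netstat_text):
    """Map each local ip:port to its SYN_RECV count and the set of remote endpoints."""
    stats = defaultdict(lambda: {"count": 0, "peers": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and non-TCP sockets.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":
            continue  # only half-open connections are of interest
        stats[local]["count"] += 1
        stats[local]["peers"].add(remote)
    return stats


def flag_syn_flood(netstat_text, threshold=5):
    """Return (listener, half_open_count, distinct_peers) for listeners at or over threshold."""
    return sorted(
        (local, s["count"], len(s["peers"]))
        for local, s in half_open_by_listener(netstat_text).items()
        if s["count"] >= threshold
    )


if __name__ == "__main__":
    for listener, count, peers in flag_syn_flood(SAMPLE):
        print(f"{listener}: {count} half-open connections from {peers} remote endpoints")
```

A single `SYN_RECV` entry, like the one on port 22 in the sample, is normal during connection setup; only a sustained count on one listener is the signal.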
ApplebeesWaiter1122 (Highly Voted), 1 year, 9 months ago
ApplebeesWaiter1122, 1 year, 9 months ago
sujon_london, 1 year, 8 months ago
jspecht (Highly Voted), 2 years, 6 months ago
Inimitable, 2 years, 4 months ago
[Removed] (Most Recent), 2 years, 6 months ago
serginljr, 2 years, 6 months ago