Which attack targets the TCP state table by sending a flood of SYN packets with spoofed addresses to deplete resources?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which attack targets the TCP state table by sending a flood of SYN packets with spoofed addresses to deplete resources?

Explanation:
When a server handles TCP connections, it keeps track of each partially established connection after receiving a SYN and before the final ACK completes the three-way handshake. Flooding the target with SYN packets that use spoofed source addresses forces the server to allocate resources for each of those half-open connections, even though no real client will complete the handshake. Because the final ACK never arrives, those entries stay in the TCP state table, gradually exhausting it and preventing legitimate clients from establishing new connections. This is the classic SYN flood: it targets the TCP state tracking mechanism itself.

The other options don’t fit as well. An ACK flood would overwhelm the receiver with ACKs, but it doesn’t specifically exploit the handshake process or fill the TCP state table in the same way. A fragmentation attack focuses on IP fragmentation behavior rather than TCP connection state. An HTTP GET attack targets the application layer by flooding with requests, not the TCP handshake resources.
