SYN floods

tlholmes4470tlholmes4470 Member Posts: 8 ■□□□□□□□□□

What does a Synchronous (SYN) flood attack do?

What does a Synchronous (SYN) flood attack do?
A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state 
B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

I thought this question was rather straight forward, and the answer is clearly D. Their answer was B. My reasoning was that A is surely not the answer as this would be a solution to the problem of half open connections.  In that regard C would also be a solution. B cannot be correct because no connections are established! Please tell me why my logic is flawed.


Thanks


Note: In order to pas the CISSP exam, you MUST understand why all the other choices are incorrect or at least not the best choice.

Comments

  • E Double UE Double U Member Posts: 1,853 ■■■■■■■■■□
    This is one of those best answer or least wrong type questions. I would choose B as well. Even though the full handshake is not completed, the SYN packets are received by the target. The final ACK packet is never received as more SYN packets continue, but using the process of elimination I would not choose the other options.

    A - what reset?
    C - what queue?
    D - what limit?
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • beadsbeads Senior Member Member Posts: 1,511 ■■■■■■■■■□
    D.) is wrong because your basing your answer on the word 'flood' and nothing else. I can attempt to flood a connection with little to no real impact by dropping unanswered request by way of WAF, load balancer and firewall rules (all default to 300 seconds or 5 minutes). The question doesn't say anything about the attack being successful only that your connections are attempting to be flooded, there is a big difference in the answers because of this.

    Answers A and D are gibberish and can immediately be disregarded.

    - b/eads
  • tlholmes4470tlholmes4470 Member Posts: 8 ■□□□□□□□□□
    Isn't the  TCP connection limit 65,535???


    The following is from a google search:

    The maximum number of TCP sessions a single source IP can make to a single destination IP and port is 65,535. This assumes that every available source port in the 16-bit source port range (excluding 0) from the source IP is utilized

     
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    A traditional SYN flood never completes the TCP handshake sequence. SYN flood only performs the first two steps of the TCP three-way handshake to keep the server's available network ports open and waiting for the final handshake signal. In this "pending" state, each port will accept no more connection requests until the original connection request for that port has timed-out.

    Although poorly worded, D seems like the correct answer to me.
Sign In or Register to comment.