Which one of the following instigates a SYN flood attack?
A.
Generating excessive broadcast packets.
B.
Creating a high number of half-open connections.
C.
Inserting repetitive Internet Relay Chat (IRC) messages.
D.
A large number of Internet Control Message Protocol (ICMP) traces.
Explanation:
A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission
Control Protocol (TCP) session initialization handshake. The attacker floods the target system’s small
“in-process” queue with connection requests, but it does not respond when a target system replies
to those requests. This causes the target system to time out while waiting for the proper response,
which makes the system crash or become unusable. -Ronald Krutz The CISSP PREP Guide (gold
edition) pg 103 “In a SYN flood attack, hackers use special software that sends a large number of
fake packets with the SYN flag set to the targeted system. The victim then reserves space in memory
for the connection and attempts to send the standard SYN/ACK reply but never hears back from the
originator. This process repeats hundreds or even thousands of times, and the targeted computer
eventually becomes overwhelmed and runs out of available resources for the half-opened
connections. At that time, it either crashes or simply ignores all inbound connection requests
because it can’t possibly handle any more half-open connections.” Pg 266 Tittel: CISSP Study Guide.