Which term describes a DoS attack that relies on an incomplete TCP handshake?

Prepare for the Network Security Examination by mastering key concepts in cybersecurity. Utilize interactive questions and detailed explanations to enhance your knowledge. Excel in your exam with our comprehensive preparation resources!

Multiple Choice

Which term describes a DoS attack that relies on an incomplete TCP handshake?

Explanation:
A DoS attack that relies on an incomplete TCP handshake exploits the way TCP sets up connections. In a normal three-way handshake, the client sends a SYN, the server replies with a SYN-ACK, and the client answers with an ACK, at which point the connection is established. If an attacker floods the server with SYN packets, typically from spoofed source addresses so the SYN-ACKs are never answered, and never sends the final ACK, the server must allocate a backlog entry for each SYN and hold it while it retransmits the SYN-ACK and waits. These half-open connections fill the listen backlog, and once it is full the server drops new SYNs, including those from legitimate clients. That is why this attack is described as half-open; in practice it is usually called a SYN flood.

Half-close, by contrast, refers to one side of an established connection sending a FIN to signal that it has finished sending while it can still receive data from the other side. It is a normal part of connection termination, not a DoS technique. So the best term for this scenario is half-open. Mitigations include SYN cookies (the server encodes the connection state in its initial sequence number instead of storing a backlog entry until the ACK arrives), backlog tuning, shorter SYN-ACK retry limits, and rate limiting to prevent backlog exhaustion.

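The following simulation, added here as an example and not part of the original question or its explanation, shows the two behaviours the text describes: a listener that allocates a backlog slot for every SYN is exhausted by a flood of SYNs that never complete the handshake, while a SYN-cookie listener stores nothing at SYN time and still accepts a legitimate client after the same flood. The backlog size, the cookie layout (5 bits of minute counter plus 27 bits of truncated HMAC), the addresses and the secret are assumptions chosen for the demonstration; no packets are sent.

```python
"""Added example: half-open connection exhaustion versus SYN cookies.
Pure simulation of listener state; backlog size, cookie layout and
addresses are assumptions, not values taken from any real stack."""
import hashlib
import hmac
import random

MAX_BACKLOG = 128          # assumed listen() backlog
COOKIE_LIFETIME_MIN = 4    # assumed: accept cookies issued in the last 4 minutes


class NaiveListener:
    """Classic behaviour: every SYN gets a backlog slot held until the final ACK."""

    def __init__(self):
        self.backlog = {}        # (src, sport) -> server ISN: the half-open table
        self.dropped_syns = 0
        self.established = 0

    def on_syn(self, src, sport, client_isn):
        if len(self.backlog) >= MAX_BACKLOG:
            self.dropped_syns += 1   # backlog full: new SYNs are silently dropped
            return None
        server_isn = random.getrandbits(32)
        self.backlog[(src, sport)] = server_isn
        return server_isn            # value carried in the SYN-ACK

    def on_ack(self, src, sport, seq, ack):
        server_isn = self.backlog.pop((src, sport), None)
        if server_isn is None or ack != (server_isn + 1) & 0xFFFFFFFF:
            return False
        self.established += 1
        return True


class CookieListener:
    """SYN cookies: the server ISN is an HMAC over the connection identity,
    so nothing is stored at SYN time; state is rebuilt from the client's ACK."""

    def __init__(self, secret, clock):
        self.secret = secret
        self.clock = clock           # callable returning seconds; injected for determinism
        self.established = 0

    def _cookie(self, src, sport, client_isn, minute):
        msg = f"{src}|{sport}|{client_isn}|{minute}".encode()
        mac = int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")
        # top 5 bits: minute counter mod 32; low 27 bits: truncated MAC (assumed layout)
        return ((minute & 0x1F) << 27) | (mac & 0x07FFFFFF)

    def on_syn(self, src, sport, client_isn):
        return self._cookie(src, sport, client_isn, int(self.clock()) // 60)

    def on_ack(self, src, sport, seq, ack):
        cookie = (ack - 1) & 0xFFFFFFFF      # ack = server ISN + 1
        client_isn = (seq - 1) & 0xFFFFFFFF  # seq = client ISN + 1
        now = int(self.clock()) // 60
        for age in range(COOKIE_LIFETIME_MIN):
            minute = now - age
            if (minute & 0x1F) == cookie >> 27 and \
                    self._cookie(src, sport, client_isn, minute) == cookie:
                self.established += 1
                return True
        return False                         # forged, stale or mismatched cookie


def syn_flood(listener, count):
    """Constructed flood: SYNs from spoofed TEST-NET-3 sources that never ACK."""
    for i in range(count):
        listener.on_syn(f"203.0.113.{i % 256}", 1024 + i, i * 7919)


def legit_connect(listener, src="192.0.2.10", sport=40000, client_isn=1000):
    """Full three-way handshake from one well-behaved client."""
    server_isn = listener.on_syn(src, sport, client_isn)
    if server_isn is None:
        return False                         # SYN dropped: handshake never starts
    return listener.on_ack(src, sport, client_isn + 1, server_isn + 1)


class FakeClock:
    """Controllable clock so cookie expiry can be exercised deterministically."""

    def __init__(self, start=1_700_000_000):
        self.now = start

    def __call__(self):
        return self.now


if __name__ == "__main__":
    naive = NaiveListener()
    syn_flood(naive, 1000)
    print("naive: half-open entries", len(naive.backlog),
          "legit connect ok:", legit_connect(naive))
    cookies = CookieListener(b"constructed-secret", FakeClock())
    syn_flood(cookies, 1000)
    print("SYN cookies: legit connect ok:", legit_connect(cookies))
```

Run it as a script to see the naive listener stuck at 128 half-open entries and refusing the legitimate client, while the cookie listener accepts it. The cookie listener rejects an ACK whose cookie has been tampered with or was issued more than COOKIE_LIFETIME_MIN minutes ago, which is the trade-off of the technique: no state per SYN, at the cost of a small time window and a truncated MAC.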
