Question 5) Test Yourself on CompTIA i-Net+.
SubObjective: Identify Suspicious Network Activities
Single Answer Multiple Choice
Which kind of attack is one that floods a computer with bogus TCP/IP addresses?
A. SYN flood
B. DOS flood
C. PING flood
D. Mail flood
Answer: A. SYN flood
A SYN flood is an attack targeted at TCP that, when successful, will leave computers unable to connect to network resources. A SYN flood works by sending numerous TCP synchronization (SYN) packets during the three-way handshake of establishing a session. During a three-way handshake, a computer opens a session by sending a TCP packet known as a SYN to another computer. A hacker who is SYN flooding will send numerous SYN packets.
When the targeted computer receives the SYN packet, it returns a SYN acknowledgement (SYN ACK) packet and places the outstanding SYN ACK reply in a buffer to wait for its response. The hacker will use a bad source IP address so that the SYN ACK, which is returned to that address, never arrives at a computer that will answer it. Meanwhile, the targeted computer is still receiving SYN requests and adding their SYN ACK replies to its buffer. Once this buffer is full, the targeted system will no longer accept arriving SYN requests. In order to move a SYN ACK reply out of the buffer, the initiating computer will need to send an ACK, which completes the three-way handshake.
Eventually, the computer’s buffer fills with unanswered SYN ACK replies, and it is unable to accept any new SYN requests, making it impossible for other computers to establish a session with this computer. This is an example of a denial-of-service attack. In order to find out who has initiated such an attack, you should examine the source IP address and destination IP address.
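The buffer behaviour described above can be spotted in a packet capture by counting handshakes that received a SYN ACK but never the final ACK. The following is an added example, not part of the practice test; the record layout, the function names and the threshold are assumptions, and the packets are constructed sample data using documentation address ranges.

```python
from collections import defaultdict

def make_sample():
    """Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    server = ("192.0.2.10", 80)
    # One legitimate client that completes the three-way handshake.
    pkts = [(0.00, "198.51.100.7", 40000, *server, "SYN"),
            (0.01, *server, "198.51.100.7", 40000, "SYN-ACK"),
            (0.02, "198.51.100.7", 40000, *server, "ACK")]
    # Twenty SYNs with bad source addresses: each is answered, none is ACKed.
    for i in range(20):
        src = (f"203.0.113.{i + 1}", 50000 + i)
        pkts.append((0.100 + i * 0.01, *src, *server, "SYN"))
        pkts.append((0.105 + i * 0.01, *server, *src, "SYN-ACK"))
    return sorted(pkts)

def half_open_by_listener(packets):
    """Map each listener (ip, port) to the peers still awaiting a final ACK."""
    pending = defaultdict(set)
    for _, src, sport, dst, dport, flags in packets:
        if flags == "SYN-ACK":
            # The listener has replied and is now holding a buffer entry.
            pending[(src, sport)].add((dst, dport))
        elif flags == "ACK":
            # The final ACK completes the handshake and frees the entry.
            pending[(dst, dport)].discard((src, sport))
    return pending

def flag_syn_flood(packets, threshold=10):
    """Return {listener: half-open count} for listeners above the threshold."""
    return {listener: len(peers)
            for listener, peers in half_open_by_listener(packets).items()
            if len(peers) > threshold}

if __name__ == "__main__":
    for (ip, port), count in flag_syn_flood(make_sample()).items():
        print(f"{ip}:{port} has {count} half-open handshakes")
```
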
These questions are derived from the Self Test Software Practice Test for CompTIA Exam #IK0-002: i-Net+.