Exam 312-50v12 topic 1 question 58 discussion

A. Spoofed session flood attack Explanation: Jude used a spoofed session flood attack to bypass the network protection tools and firewalls used in his company's network infrastructure. This attack technique involves creating forged TCP sessions by sending multiple SYN, ACK, RST, or FIN packets to the target system. By doing so, the attacker can exhaust the target system's resources and make it unresponsive to legitimate requests. In a spoofed session flood attack, the attacker sends packets with a forged source IP address, making it difficult for the target system to distinguish between legitimate and malicious traffic. This makes it easier for the attacker to bypass network protection tools and firewalls, which may be configured to block traffic from known malicious IP addresses.

A. Spoofed session flood attack Module 10 Page 1449 from CEH v12 book

Spoofed Session Flood Attack In this type of attack, attackers create fake or spoofed TCP sessions by carrying multiple SYN, ACK, and RST or FIN packets. Attackers employ this attack to bypass firewalls and perform DDoS attacks against target networks, exhausting their network resources. The following are examples for spoofed session flood attacks: ▪ Multiple SYN-ACK Spoofed Session Flood Attack In this type of flood attack, attackers create a fake session with multiple SYN and multiple ACK packets, along with one or more RST or FIN packets. ▪ Multiple ACK Spoofed Session Flood Attack In this type of flood attack, attackers create a fake session by completely skipping SYN packets and using only multiple ACK packets along with one or more RST or FIN packets. Because SYN packets are not employed and firewalls mostly use SYN packet filters to detect abnormal traffic, the DDoS detection rate of the firewalls is very low for these types of attacks. CEH V12 Page 1449

A: Spoofed session flood attack

A. Spoofed session flood attack

A. Spoofed session flood attack