Exam 312-50v12 topic 1 question 83 discussion

B. Slowloris attack This is a type of DDoS attack that targets the application layer of the OSI model, where common internet requests occur, such as HTTP GET and HTTP POST. This attack works by sending partial, but not complete, HTTP requests to the target server, and keeping many simultaneous connections open between the attacker and the target.

B. Slowloris attack ----------------------------------- A. Desynchronization: disrupts the synchronization between different components a system, so exploits the vulnerabilities that related to the synchronization of data or processes. B. Slowloris attack: a type of denial-of-service (DoS) attack to web server. The attacker sends incomplete HTTP requests to the web server, keeping connections open to consume and exhaust resources to make web server unavailable. C. Session splicing: attacker intercepts and combines parts of different sessions to gain unauthorized access or perform malicious actions. This attack typically targets web-based sessions, allowing the attacker to bypass authentication or gain access to sensitive information. D. Phlashing: attack IOT devices to break its firmware or hardware to permanently disable a device or system.

B. Slowloris attack 312-50v11 Q187 CEH book Module 10 P1452 Slowloris is a DDoS attack tool used to perform layer-7 DDoS attacks to take down web infrastructure. It is distinctly different from other tools in that it uses perfectly legitimate HTTP traffic to take down a target server. In Slowloris attacks, the attacker sends partial HTTP requests to the target web server or application. Upon receiving the partial requests, the target server opens multiple connections and waits for the requests to complete

B. Slowloris attack. Explanation: In a Slowloris attack, the attacker sends partial HTTP requests to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. The attacker then sends a slow stream of subsequent requests that are never completed, which leads to resource exhaustion on the server, eventually causing it to crash or become unavailable. This attack is performed at layer 7 to take down web infrastructure.