A SYN FLOOD attack works by
Asending too many DNS queries
Bmany half-open SYNs exhaust server state
Cflooding ICMP echo requests
Dstealing user passwords
Answer & Solution
Correct answer: B. many half-open SYNs exhaust server state
1. SYN FLOOD: a DoS attack abusing the TCP 3-way handshake.
2. ATTACKER sends many TCP SYN packets (often with SPOOFED source IPs).
3. SERVER allocates state for each (the half-open connection), sends SYN+ACK to the spoofed IP, and waits.
4. Without the final ACK, half-open connections pile up — exhausting connection tables, making the server unresponsive to legitimate users.
5. MITIGATIONS:
• SYN COOKIES: encode connection state in the SYN+ACK sequence number — no state on server until final ACK arrives.
• Connection rate limiting.
• Upstream DDoS scrubbing (Cloudflare, AWS Shield).
_Source: RFC 4987 (TCP SYN Flooding Attacks and Countermeasures)._
Related questions
A SIEM (Security Information and Event Management) system primarilyA WEB APPLICATION FIREWALL (WAF) sits at which layer of the network?ARP SPOOFING (or ARP poisoning) lets an attacker on a LANWPA3 isA ZERO-TRUST network architecture is based on the principleDDoS (Distributed Denial of Service) differs from DoS in thatDNSSEC adds which security property to DNS?A MAN-IN-THE-MIDDLE (MITM) attack happens when