Which resource does a TCP SYN flood attack target?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
A TCP SYN flood attack is a type of DDoS (Distributed Denial of Service) attack in which an attacker floods the target system with a large number of TCP SYN requests. This attack exploits the TCP handshake process, which is a three-way communication process that occurs between a client and server before establishing a TCP connection.
The correct answer to this question is (A) connection tables on the target host.
When a TCP SYN flood attack is launched, the attacker sends a large number of TCP SYN requests to the target system, but never completes the three-way handshake process by sending an ACK message. As a result, the connection table on the target system becomes filled with incomplete connections, which can cause the system to crash or become unresponsive.
Connection tables are a critical resource on any system that uses TCP connections. When a client initiates a TCP connection with a server, the server creates an entry in its connection table to keep track of the state of the connection. The entry includes the client's IP address, the port number of the application the client is using, and the status of the connection (e.g., established, SYN sent, SYN received).
In a TCP SYN flood attack, the attacker floods the target system with a large number of TCP SYN requests, which causes the connection table to fill up with incomplete connections. This can cause the system to run out of resources, resulting in denial of service.
Option (B) send buffers on transit routers is incorrect. Send buffers are used by routers to temporarily store packets that are waiting to be transmitted on an outgoing interface. An attacker would not typically target send buffers as part of a TCP SYN flood attack.
Option (C) shared memory on the routers closest to the target is also incorrect. While shared memory is used by routers to store routing tables, forwarding tables, and other critical information, an attacker would not typically target shared memory as part of a TCP SYN flood attack.
Option (D) SYN cookies on the target host is also incorrect. SYN cookies are a technique used by some operating systems to mitigate the effects of TCP SYN flood attacks. When a server receives a SYN request, it generates a SYN cookie and sends it back to the client. The client then includes the SYN cookie in the ACK message when it completes the three-way handshake process. SYN cookies are used to prevent the connection table from becoming filled with incomplete connections. However, an attacker would not typically target SYN cookies as part of a TCP SYN flood attack.