Free Preparation Discussions
MENU
Eccouncil Exam 312-50 Topic 2 Question 94 Discussion
Topic #: 2
A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?
A Pulse Wave attack is a type of DDoS attack that uses a botnet to send high-volume traffic pulses at regular intervals, typically lasting for a few minutes each. The attacker can adjust the frequency and duration of the pulses to maximize the impact and evade detection. A Pulse Wave attack can exhaust the network resources of the target, as well as the resources of any DDoS mitigation service that the target may use. A Pulse Wave attack can also conceal the attacker's identity, as the traffic originates from multiple sources that are part of the botnet. A Pulse Wave attack can bypass simple defensive measures, such as IP-based blocking, as the traffic can appear legitimate and vary in source IP addresses.
The other options are less effective or feasible for the attacker's objectives. A protocol-based SYN flood attack is a type of DDoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from accepting new connections. However, a SYN flood attack can be easily detected and mitigated by using SYN cookies or firewalls. A SYN flood attack can also expose the attacker's identity, as the source IP addresses of the SYN requests can be traced back to the attacker. An ICMP flood attack is a type of DDoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. However, an ICMP flood attack from a single IP can be easily blocked by using IP-based filtering or disabling ICMP responses. An ICMP flood attack can also reveal the attacker's identity, as the source IP address of the ICMP packets can be identified. A volumetric flood attack is a type of DDoS attack that sends a large amount of traffic to the target server, saturating its network bandwidth and preventing legitimate users from accessing it. However, a volumetric flood attack using a single compromised machine may not be sufficient to overwhelm the network bandwidth of a major online retailer, as the attacker's machine may have limited bandwidth itself. A volumetric flood attack can also be detected and mitigated by using traffic shaping or rate limiting techniques.Reference:
Pulse Wave DDoS Attacks: What You Need to Know
DDoS Attack Prevention: 7 Effective Mitigation Strategies
DDoS Attack Types: Glossary of Terms
DDoS Attacks: What They Are and How to Protect Yourself
DDoS Attack Prevention: How to Protect Your Website
Murray
2 months agoLashaun
10 days agoCory
15 days agoEun
19 days agoKris
1 months agoCarey
2 months agoTommy
1 months agoElza
1 months agoKarl
1 months agoKimberlie
2 months agoSueann
2 months agoCallie
25 days agoPaulina
26 days agoFletcher
29 days agoDominga
2 months agoSunny
3 months agoDominga
3 months agoDexter
3 months agoKattie
2 months agoVon
2 months ago