Certified Incident Handler (ECIH) — Question 38

An attacker with malicious intent used a SYN flooding technique to disrupt the network and gain an advantage over the network to bypass the firewall. You are working with a security architect to design security standards and plans for your organization. The network traffic was captured by the SOC team and provided to you for detailed analysis. Study the Synflood.pcapng file and determine the source IP address.
Note: The Synflood.pcapng file is present in the Documents folder of the Attacker-1 machine.

Answer options

Correct answer: B

Explanation

The correct source IP address is 20.20.10.19, as it is the one used in the SYN flooding attack. The other options represent different IP addresses that do not correspond to the analysis of the Synflood.pcapng file, making them incorrect in this context.