Certified Ethical Hacker (CEH v11) — Question 392
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources.
What is the attack technique used by Jude for finding loopholes in the above scenario?
Answer options
- A. Spoofed session flood attack
- B. UDP flood attack
- C. Peer-to-peer attack
- D. Ping-of-death attack
Correct answer: A
Explanation
The correct answer is A, Spoofed session flood attack, as this technique involves creating false TCP connections to overwhelm network resources. The other options do not accurately describe the method Jude is using; for example, B refers to flooding with UDP packets, C relates to a decentralized attack model, and D is an outdated attack that targets specific vulnerabilities in systems rather than exploiting TCP session management.