Certified Ethical Hacker (CEH v11) — Question 41

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

Answer options

• A. Desynchronization
• B. Slowloris attack
• C. Session splicing
• D. Phlashing

Correct answer: B

Explanation

The Slowloris attack is characterized by sending partial HTTP requests to exhaust server resources by keeping connections open. Desynchronization, Session splicing, and Phlashing do not specifically involve maintaining open connections while waiting for request completion, making them incorrect in this context.