Certified Ethical Hacker (CEH v12) — Question 148

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

Answer options

• A. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.
• B. m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time.
• C. m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection.
• D. m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower.

Correct answer: A

Explanation

Option A is correct because the server cannot handle the 100 connections from the attacker, resulting in significant downtime due to the extended hold-up time of 15 seconds. Options B and C are incorrect because they both allow the server to handle the attack without being overwhelmed, leading to shorter durations of unavailability. Option D, while also exceeding capacity, has a lesser hold-up time of 10 seconds, which results in a shorter attack duration compared to A.