Certified Ethical Hacker (CEH v12) — Question 215

A sophisticated attacker targets your web server with the intent to execute a Denial of Service (DoS) attack. His strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using 'r' packets per second. Your server, reinforced with advanced security measures, can handle 'h' packets per second before it starts showing signs of strain. If 'r' surpasses 'h', it overwhelms the server, causing it to become unresponsive. In a peculiar pattern, the attacker selects 'r' as a composite number and 'h' as a prime number, making the attack detection more challenging. Considering 'r=2010' and different values for 'h', which of the following scenarios would potentially cause the server to falter?

Answer options

• A. h=1987 (prime): The attacker's packet rate exceeds the server's capacity, causing potential unresponsiveness.
• B. h=1999 (prime): Despite the attacker's packet flood, the server can handle these requests, remaining responsive.
• C. h=1993 (prime): Despite being less than 'r', the server's prime number capacity keeps it barely operational, but the risk of falling is imminent.
• D. h=2003 (prime): The server can manage more packets than the attacker is sending, hence it stays operational.

Correct answer: A

Explanation

The correct answer is A because with h=1987, the server's capacity is lower than the attack rate of 2010, causing it to become unresponsive. Options B and D are incorrect since the server can handle the attack in those scenarios. Option C, while near failure, still suggests the server may remain operational, making A the only definitive case of failure.