Certified Ethical Hacker (CEH v12) — Question 57
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources.
What is the attack technique used by Jude for finding loopholes in the above scenario?
Answer options
- A. Spoofed session flood attack
- B. UDP flood attack
- C. Peer-to-peer attack
- D. Ping-of-death attack
Correct answer: A
Explanation
The correct answer is A, as a spoofed session flood attack involves creating fake TCP sessions to overwhelm network resources. The other options do not specifically relate to the manipulation of TCP sessions in the manner described, with UDP flood attacks focusing on UDP packets, peer-to-peer attacks involving direct connections between peers, and ping-of-death attacks targeting the ICMP protocol.