Certified Ethical Hacker (CEH v12) — Question 81

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

Answer options

• A. Desynchronization
• B. Slowloris attack
• C. Session splicing
• D. Phlashing

Correct answer: B

Explanation

The correct answer is the Slowloris attack, which exploits the way web servers handle connections by sending partial requests and keeping them open, thereby exhausting server resources. Other options like Desynchronization, Session splicing, and Phlashing do not specifically involve sending incomplete requests to exhaust server connections in the same manner.