Certified Ethical Hacker (CEH v13) — Question 106

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

Answer options

• A. Desynchronization
• B. Slowloris attack
• C. Session splicing
• D. Phlashing

Correct answer: B

Explanation

The Slowloris attack is specifically designed to exploit the way servers handle partial HTTP requests, leaving connections open and consuming resources. Desynchronization, session splicing, and phlashing do not involve this method of overwhelming servers with partial requests, making them incorrect choices for this scenario.