Certified Ethical Hacker (CEH v13) — Question 124

An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

Answer options

• A. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.
• B. m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time.
• C. m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection.
• D. m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower.

Correct answer: A

Explanation

Option A is correct because the server's capacity of 90 connections per second is insufficient against the attacker's 100 connections, and with a hold-up time of 15 seconds, it leads to a significant duration of unavailability. Options B and C are incorrect as they both have sufficient capacity to handle the attacker's connections, thereby minimizing downtime. Option D, while also exceeding the number of connections, has a shorter hold-up time of 10 seconds, which results in less impact compared to option A.