Certified Ethical Hacker (CEH v13) — Question 201

A sophisticated attacker targets your web server with the intent to execute a Denial of Service (DoS) attack. His strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using 'r' packets per second. Your server, reinforced with advanced security measures, can handle 'h' packets per second before it starts showing signs of strain. If 'r' surpasses 'h', it overwhelms the server, causing it to become unresponsive. In a peculiar pattern, the attacker selects 'r' as a composite number and 'h' as a prime number, making the attack detection more challenging. Considering 'r=2010' and different values for 'h', which of the following scenarios would potentially cause the server to falter?

Answer options

• A. h=1987 (prime): The attacker's packet rate exceeds the server's capacity, causing potential unresponsiveness.
• B. h=1999 (prime): Despite the attacker's packet flood, the server can handle these requests, remaining responsive.
• C. h=1993 (prime): Despite being less than 'r', the server's prime number capacity keeps it barely operational, but the risk of falling is imminent.
• D. h=2003 (prime): The server can manage more packets than the attacker is sending, hence it stays operational.

Correct answer: A

Explanation

Option A is correct because with h=1987, the attacker's rate of 2010 packets per second exceeds the server's capacity, leading to potential unresponsiveness. In contrast, options B, C, and D have values of h that either allow the server to remain responsive or keep it barely operational, which means they do not present a risk of overwhelming the server.