An online store as a web application is protected by automated technical solutions that detect and prevent web-based attacks. However, the front-end web application firewall does not seem to be performing well, so the online store is suffering from TCP SYN flooding attacks. Which of the following is the most likely symptom?
A. The CPU utilization of the web server will surge.
B. The bandwidth of the public-facing connection gets exhausted.
C. The memory of the backlog queue to maintain all half-open connections depletes.
D. The hard drives of the web server will work at high utilization for memory paging.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. The memory of the backlog queue to maintain all half-open connections depletes.
Many people think that TCP SYN flooding attacks will hinder availability because of network bandwidth exhaustion. However, it’s not the case. The bandwidth requirement of the three-way handshake is lightweight. The denial of service results from the fact that legitimate new connections are blocked because the backlog queue or Transmission Control Block (TCB) table is depleted.
The CPU utilization may rise or surge, but that depends on the computing resources a system has. Some systems have only one CPU, while others may have multiple cores or even multiple processors. No matter how many CPUs or processors a system has, the size of the TCB table can be fixed and is soon depleted when facing TCP SYN flooding attacks.
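The following is an added example, not part of the original post: a small Python model of a fixed-size backlog queue, showing that a flood using very little bandwidth still fills every half-open slot and blocks legitimate connections. The backlog size, half-open timeout, SYN segment size and arrival rates are constructed values chosen for illustration.

```python
from collections import deque

SYN_BYTES = 60  # assumed on-wire size of one SYN segment (constructed value)

def simulate(backlog, timeout_s, spoofed_per_s, legit_per_s, seconds):
    """One-second-tick model of a listener's half-open (SYN backlog) queue.

    Spoofed SYNs never complete the handshake, so each holds a slot until
    timeout_s elapses. Legitimate SYNs complete at once if a slot is free
    and are dropped otherwise.
    """
    pending = deque()  # (expiry_tick, count) batches of half-open entries
    half_open = peak = accepted = dropped = 0
    for now in range(seconds):
        # Reap half-open entries whose timer has run out.
        while pending and pending[0][0] <= now:
            half_open -= pending.popleft()[1]
        # Legitimate clients go first: the most favourable case for them.
        ok = min(legit_per_s, backlog - half_open)
        accepted += ok
        dropped += legit_per_s - ok
        # Spoofed SYNs take whatever slots remain and keep them.
        admitted = min(spoofed_per_s, backlog - half_open)
        if admitted:
            pending.append((now + timeout_s, admitted))
            half_open += admitted
        peak = max(peak, half_open)
    return {
        "accepted": accepted,
        "dropped": dropped,
        "peak_half_open": peak,
        "flood_mbit_per_s": spoofed_per_s * SYN_BYTES * 8 / 1_000_000,
    }

if __name__ == "__main__":
    # Constructed parameters: 1024-slot backlog, 60 s half-open timeout,
    # 10 legitimate connection attempts per second, observed for 60 s.
    print("baseline:", simulate(1024, 60, 0, 10, 60))
    print("flood:   ", simulate(1024, 60, 500, 10, 60))
```

In this model the flood consumes about 0.24 Mbit/s, yet the backlog is full from the fourth second onward and nearly all legitimate attempts are dropped; CPU count does not appear in the model at all.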
- TCP 3-Way Handshake Process
- Flooding and Amplification
- Transmission Control Block (RFC 793)
- TCP SYN Flooding Attacks and Common Mitigations
- TCP TCB – Transmission Control Block