Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Eccouncil Exam 312-50 Topic 2 Question 94 Discussion

Actual exam question for Eccouncil's 312-50 exam
Question #: 94
Topic #: 2
[All 312-50 Questions]

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

Show Suggested Answer Hide Answer
Suggested Answer: A

A Pulse Wave attack is a type of DDoS attack that uses a botnet to send high-volume traffic pulses at regular intervals, typically lasting for a few minutes each. The attacker can adjust the frequency and duration of the pulses to maximize the impact and evade detection. A Pulse Wave attack can exhaust the network resources of the target, as well as the resources of any DDoS mitigation service that the target may use. A Pulse Wave attack can also conceal the attacker's identity, as the traffic originates from multiple sources that are part of the botnet. A Pulse Wave attack can bypass simple defensive measures, such as IP-based blocking, as the traffic can appear legitimate and vary in source IP addresses.

The other options are less effective or feasible for the attacker's objectives. A protocol-based SYN flood attack is a type of DDoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from accepting new connections. However, a SYN flood attack can be easily detected and mitigated by using SYN cookies or firewalls. A SYN flood attack can also expose the attacker's identity, as the source IP addresses of the SYN requests can be traced back to the attacker. An ICMP flood attack is a type of DDoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. However, an ICMP flood attack from a single IP can be easily blocked by using IP-based filtering or disabling ICMP responses. An ICMP flood attack can also reveal the attacker's identity, as the source IP address of the ICMP packets can be identified. A volumetric flood attack is a type of DDoS attack that sends a large amount of traffic to the target server, saturating its network bandwidth and preventing legitimate users from accessing it. However, a volumetric flood attack using a single compromised machine may not be sufficient to overwhelm the network bandwidth of a major online retailer, as the attacker's machine may have limited bandwidth itself. A volumetric flood attack can also be detected and mitigated by using traffic shaping or rate limiting techniques.Reference:

Pulse Wave DDoS Attacks: What You Need to Know

DDoS Attack Prevention: 7 Effective Mitigation Strategies

DDoS Attack Types: Glossary of Terms

DDoS Attacks: What They Are and How to Protect Yourself

DDoS Attack Prevention: How to Protect Your Website


Contribute your Thoughts:

Murray
2 months ago
Option C, all the way! Botnet Pulse Wave is the perfect combo of high-volume and covert. Gotta stay one step ahead of those security teams, am I right?
upvoted 0 times
Lashaun
10 days ago
True, but with a Pulse Wave attack, the traffic pulses at regular intervals can keep the network constantly under pressure.
upvoted 0 times
...
Cory
15 days ago
But wouldn't a SYN flood attack be more difficult to defend against since it targets connection state tables?
upvoted 0 times
...
Eun
19 days ago
I agree, using a botnet for high-volume traffic pulses is a smart move to overwhelm the network.
upvoted 0 times
...
Kris
1 months ago
Definitely, Option C sounds like a solid plan. Pulse Wave attacks can be really effective.
upvoted 0 times
...
...
Carey
2 months ago
Ooh, Option B is a classic. ICMP flood, you say? Bet the retailer didn't see that one coming. Gotta love a good ol' exploit, right?
upvoted 0 times
Tommy
1 months ago
Elza: The retailer better have some strong defenses in place.
upvoted 0 times
...
Elza
1 months ago
User 2: Definitely, it's a sneaky way to overload the network.
upvoted 0 times
...
Karl
1 months ago
Yeah, ICMP flood attacks can be pretty effective.
upvoted 0 times
...
...
Kimberlie
2 months ago
Haha, Option D is just lazy. Using a single machine? That's not very disruptive, is it? I'd go for the botnet Pulse Wave, keep 'em on their toes!
upvoted 0 times
...
Sueann
2 months ago
I think Option A is the most effective. A good old-fashioned SYN flood will tie up those servers and leave the retailer scrambling. Keeps the attacker's identity hidden too.
upvoted 0 times
Callie
25 days ago
User 3: Plus, the attacker can stay anonymous while causing maximum disruption.
upvoted 0 times
...
Paulina
26 days ago
User 2: Yeah, and it would be hard for them to block because it's protocol-based.
upvoted 0 times
...
Fletcher
29 days ago
User 1: I agree, a SYN flood attack would definitely cause chaos for the online retailer.
upvoted 0 times
...
...
Dominga
2 months ago
Why do you think option D is better?
upvoted 0 times
...
Sunny
3 months ago
I disagree, I believe option D is the best choice.
upvoted 0 times
...
Dominga
3 months ago
I think option C would be the most effective.
upvoted 0 times
...
Dexter
3 months ago
Option C is definitely the way to go. A botnet-based Pulse Wave attack is designed to evade simple defenses like IP blocking. Gotta keep that identity on the down-low, you know?
upvoted 0 times
Kattie
2 months ago
I agree, using a botnet for a Pulse Wave attack is a smart move.
upvoted 0 times
...
Von
2 months ago
Yeah, it's a good way to overwhelm the network resources while staying hidden.
upvoted 0 times
...
...

Save Cancel