Eccouncil Exam 312-50 Topic 13 Question 101 Discussion

Actual exam question for Eccouncil's 312-50 exam

Question #: 101
Topic #: 13

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

AThe attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers

BThe attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing

CThe attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals

DThe attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth
Explanation:
A Pulse Wave attack is a type of DDoS attack that uses a botnet to send high-volume traffic pulses at regular intervals, typically lasting for a few minutes each. The attacker can adjust the frequency and duration of the pulses to maximize the impact and evade detection. A Pulse Wave attack can exhaust the network resources of the target, as well as the resources of any DDoS mitigation service that the target may use. A Pulse Wave attack can also conceal the attacker's identity, as the traffic originates from multiple sources that are part of the botnet. A Pulse Wave attack can bypass simple defensive measures, such as IP-based blocking, as the traffic can appear legitimate and vary in source IP addresses.
The other options are less effective or feasible for the attacker's objectives. A protocol-based SYN flood attack is a type of DDoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from accepting new connections. However, a SYN flood attack can be easily detected and mitigated by using SYN cookies or firewalls. A SYN flood attack can also expose the attacker's identity, as the source IP addresses of the SYN requests can be traced back to the attacker. An ICMP flood attack is a type of DDoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. However, an ICMP flood attack from a single IP can be easily blocked by using IP-based filtering or disabling ICMP responses. An ICMP flood attack can also reveal the attacker's identity, as the source IP address of the ICMP packets can be identified. A volumetric flood attack is a type of DDoS attack that sends a large amount of traffic to the target server, saturating its network bandwidth and preventing legitimate users from accessing it. However, a volumetric flood attack using a single compromised machine may not be sufficient to overwhelm the network bandwidth of a major online retailer, as the attacker's machine may have limited bandwidth itself. A volumetric flood attack can also be detected and mitigated by using traffic shaping or rate limiting techniques.Reference:
Pulse Wave DDoS Attacks: What You Need to Know
DDoS Attack Prevention: 7 Effective Mitigation Strategies
DDoS Attack Types: Glossary of Terms
DDoS Attacks: What They Are and How to Protect Yourself
DDoS Attack Prevention: How to Protect Your Website

Show Suggested Answer

Suggested Answer: A

by Ashlyn at Jan 25, 2025, 05:54 AM

Limited Time Offer

25%

2 months ago

Haha, ICMP flood? What is this, the stone age? Gotta go big or go home with a Pulse Wave attack. That's the way to really make the retailer's life miserable.

upvoted 0 times

Freeman

1 months ago

User 2

upvoted 0 times

...

Josephine

1 months ago

User 1

upvoted 0 times

...

William

2 months ago

I think the most effective attack strategy would be to leverage a botnet for a Pulse Wave attack.

upvoted 0 times

...

2 months ago

A Pulse Wave attack? Sounds like the perfect way to keep the attacker's identity hidden while causing maximum chaos. I'm impressed by the strategic thinking here.

upvoted 0 times

Ming

1 months ago

C) A Pulse Wave attack can conceal the attacker's identity and bypass simple defensive measures.

upvoted 0 times

...

Karan

1 months ago

A Pulse Wave attack can exhaust the network resources of the target and evade detection.

upvoted 0 times

...

Latosha

2 months ago

C) The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals

upvoted 0 times

...