試験212-82 トピック4 問題57 スレッド
ECCouncil 212-82のリアル試験問題集
問題 #: 57
トピック #: 4
問題 #: 57
トピック #: 4
An attacker with malicious intent used SYN flooding technique to disrupt the network and gain advantage over the network to bypass the Firewall. You are working with a security architect to design security standards and plan for your organization. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Study the Synflood.pcapng file and determine the source IP address.
Note: Synflood.pcapng file is present in the Documents folder of Attacker-1 machine.
Note: Synflood.pcapng file is present in the Documents folder of Attacker-1 machine.
おすすめの解答:B 解答を投票する
20.20.10.19 is the source IP address of the SYN flooding attack in the above scenario. SYN flooding is a type of denial-of-service (DoS) attack that exploits the TCP (Transmission Control Protocol) three-way handshake process to disrupt the network and gain advantage over the network to bypass the firewall. SYN flooding sends a large number of SYN packets with spoofed source IP addresses to a target server, causing it to allocate resources and wait for the corresponding ACK packets that never arrive. This exhausts the server's resources and prevents it from accepting legitimate requests . To determine the source IP address of the SYN flooding attack, one has to follow these steps:
Navigate to the Documents folder of Attacker-1 machine.
Double-click on Synflood.pcapng file to open it with Wireshark.
Click on Statistics menu and select Conversations option.
Click on TCP tab and sort the list by Bytes column in descending order.
Observe the IP address that has sent the most bytes to 20.20.10.26 (target server).
The IP address that has sent the most bytes to 20.20.10.26 is 20.20.10.19 , which is the source IP address of the SYN flooding attack.
Navigate to the Documents folder of Attacker-1 machine.
Double-click on Synflood.pcapng file to open it with Wireshark.
Click on Statistics menu and select Conversations option.
Click on TCP tab and sort the list by Bytes column in descending order.
Observe the IP address that has sent the most bytes to 20.20.10.26 (target server).
The IP address that has sent the most bytes to 20.20.10.26 is 20.20.10.19 , which is the source IP address of the SYN flooding attack.
Shibusawa 2024-02-09 06:33:47
コメント
他人の解答コメントを賛成するのも、その解答に一票を入れることになります。したがって、すでに同じ意見の投票コメントが存在する場合、新規コメントをする代わりに賛成することもできます。
コメントを通報する
コメント中
今すぐ 新規登録 / ログイン (無料です)。