An analyst is monitoring network traffic and observes a large number of TCP SYN packets sent to a single host on various ports with no corresponding SYN-ACK replies. This behavior is most indicative of which type of attack?
Trap 1: ARP spoofing
ARP spoofing involves falsified ARP messages, not TCP SYN packets.
Trap 2: DNS amplification attack
DNS amplification is a reflected UDP flood: small spoofed-source queries to open resolvers produce large DNS responses aimed at the victim; it involves no TCP SYN packets.
Trap 3: ICMP flood attack
ICMP flood saturates the target with ICMP Echo Request packets (IP protocol 1), not TCP SYN segments.
- A
ARP spoofing
Why wrong: ARP spoofing involves falsified ARP messages, not TCP SYN packets.
- B
DNS amplification attack
Why wrong: DNS amplification is a reflected UDP flood: small spoofed-source queries to open resolvers produce large DNS responses aimed at the victim; it involves no TCP SYN packets.
- C
ICMP flood attack
Why wrong: ICMP flood saturates the target with ICMP Echo Request packets (IP protocol 1), not TCP SYN segments.
- D
SYN flood attack
The scenario matches a SYN flood: a high rate of SYN segments, usually from spoofed source addresses, fills the host's backlog of half-open connections; once that backlog is exhausted the host silently drops new SYNs, which is why the analyst sees SYNs with no SYN-ACK replies at all. A SYN port scan also produces many SYNs to varied ports, but it elicits RSTs from closed ports and SYN-ACKs from open ones, so the complete absence of replies is the discriminator. On a Linux target, check whether SYN cookies are enabled (`sysctl net.ipv4.tcp_syncookies`); with cookies on, the host keeps answering SYNs even when the backlog is full.
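The detection logic behind the correct answer, as an added example that is not part of the original question bank: it walks a packet log, counts bare SYNs toward a host against the SYN-ACKs the host sends back, and flags a window in which the host answers almost none of them. The `Pkt` fields, thresholds and the sample log are all constructed for the example.

```python
# Added example (not from the original page): a minimal per-window SYN-flood
# detector over a constructed packet log. Field names and thresholds are
# assumptions chosen for illustration.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture time in seconds
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    flags: str     # TCP flag letters as tcpdump prints them: "S", "SA", "A", "R"


def analyze(pkts, target, window=10.0, syn_threshold=20, max_synack_ratio=0.1):
    """Bucket traffic for `target` into fixed windows and flag SYN-flood windows.

    A window is flagged when it carries at least `syn_threshold` bare SYNs
    toward the target and the target answered fewer than `max_synack_ratio`
    of them with SYN-ACK. Distinct sources and ports are reported because a
    flood normally shows many (spoofed) sources, while a scan shows one.
    """
    buckets = defaultdict(lambda: {"syn": 0, "synack": 0, "srcs": set(), "dports": set()})
    for p in pkts:
        w = int(p.ts // window)
        if p.dst == target and p.flags == "S":
            buckets[w]["syn"] += 1
            buckets[w]["srcs"].add(p.src)
            buckets[w]["dports"].add(p.dport)
        elif p.src == target and p.flags == "SA":
            buckets[w]["synack"] += 1

    result = {}
    for w, b in sorted(buckets.items()):
        ratio = b["synack"] / b["syn"] if b["syn"] else 0.0
        result[w] = {
            "syn": b["syn"],
            "synack": b["synack"],
            "ratio": round(ratio, 3),
            "distinct_srcs": len(b["srcs"]),
            "distinct_dports": len(b["dports"]),
            "syn_flood": b["syn"] >= syn_threshold and ratio < max_synack_ratio,
        }
    return result


def sample_log():
    """Constructed capture: seconds 0-9 are normal handshakes (every SYN gets a
    SYN-ACK); seconds 10-19 are a flood of SYNs from many spoofed sources to
    many ports, with the target answering none of them."""
    target = "10.0.0.5"
    pkts = []
    for i in range(5):
        client = f"192.168.1.{10 + i}"
        pkts.append(Pkt(1.0 + i, client, target, 443, "S"))
        pkts.append(Pkt(1.1 + i, target, client, 50000 + i, "SA"))
    for i in range(60):
        pkts.append(Pkt(10.0 + i * 0.1, f"203.0.113.{i % 250}", target, 20 + i, "S"))
    return target, pkts


if __name__ == "__main__":
    target, pkts = sample_log()
    for w, stats in analyze(pkts, target).items():
        print(f"window {w}: {stats}")
```

In the constructed log the first window has five SYNs and five SYN-ACKs (ratio 1.0, not flagged); the second has sixty SYNs from sixty sources to sixty ports and no SYN-ACKs (ratio 0.0, flagged). On real captures the same counters come out of Zeek `conn.log` (connections stuck in state `S0`) or a tcpdump filter on `tcp[tcpflags] == tcp-syn`.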