A security analyst reviews an alert from the IPS that shows a spike in TCP SYN packets from an external IP to multiple internal hosts on port 443. What is the most likely attack type?
Trap 1: Port scanning
Port scanning typically targets multiple ports on a single host, not multiple hosts on a single port.
Trap 2: Man-in-the-middle
MITM intercepts communications between two parties.
Trap 3: DNS amplification
DNS amplification uses UDP, not TCP SYN.
- A: SYN flood
  A SYN flood sends many TCP SYN packets to exhaust resources.
- B: Port scanning
  Why wrong: Port scanning typically targets multiple ports on a single host, not multiple hosts on a single port.
- C: Man-in-the-middle
  Why wrong: MITM intercepts communications between two parties.
- D: DNS amplification
  Why wrong: DNS amplification uses UDP, not TCP SYN.