Question

Mary is analyzing system logs after a security incident and notices many cases where remote systems initiated three-way TCP handshakes that were never completed. What type of attack likely occurred?

A. Cross-site scripting
B. SQL injection
C. DNS poisoning
D. SYN Flood

Answer 1

A likely attack in the scenario where three-way TCP handshakes are initiated but not completed is a SYN Flood attack, a type of Denial-of-Service (DoS) attack.

Step-by-step explanation:

When analyzing system logs and noticing many cases where remote systems initiated three-way TCP handshakes that were never completed, the type of attack that likely occurred is a SYN Flood. A SYN Flood is a form of Denial-of-Service (DoS) attack that exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. This attack takes advantage of the fact that the server must wait for the completion of the handshake, which never occurs, thus overwhelming the server with half-open connections.