Question

Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings?

A. SYN Flood
B. DDoS
C. Buffer overflow
D. ARP Poisoning

Answer 1

Larry is likely observing a SYN Flood attack, which is a type of Denial of Service attack characterized by numerous half-open connections that overwhelm a server.

Step-by-step explanation:

Larry's findings best describe a SYN Flood attack. In this type of attack, an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. It is part of the broader category of cyber attacks known as Denial of Service (DoS) attacks, where the aim is to make a machine or network resource unavailable to its intended users.

Since Larry noticed a significant number of half-open connections which are symptomatic of SYN Floods, this seems to be the most fitting description of what he has observed in the firewall logs. It's important for him to address this promptly as it can severely impact the network's performance and reliability.