5 votes
Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings?

User Taty
by
8.1k points

1 Answer

0 votes

Final answer:

Larry's discovery of half-open connections suggests a SYN flood attack, which is a type of Denial of Service attack causing slow connectivity due to the overwhelming number of incomplete TCP handshakes flooding the network.

Step-by-step explanation:

Larry, the network administrator, has discovered a large number of half-open connections on his company's firewall log. This typically indicates a SYN flood attack, which is a type of Denial of Service (DoS) attack. In a SYN flood, the attacker sends a volume of SYN requests to a target's system in an attempt to overwhelm it and make legitimate traffic slow or even unavailable. Each of these half-open connections represents an incomplete TCP handshake, where the server has sent back an acknowledgement (SYN-ACK) but has not received the final acknowledgement from the client (ACK). This high volume of half-open connections can use up the connection tables in networking equipment, leading to slow connectivity as legitimate users struggle to establish new connections.

User Kvothe
by
8.3k points
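
An added example, not part of the original answer: one way to confirm the half-open pattern described above from connection logs, by tracking each handshake and counting those that got a SYN-ACK but never the final ACK. The log line format, addresses, function names, threshold and age limit are all assumptions constructed for illustration.

```python
from collections import Counter

def parse(line):
    """Split a constructed log line: '<epoch> <src ip:port> <dst ip:port> <flags>'."""
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags

def half_open(lines, now, max_age=3.0):
    """Return {(client, server): syn_ack_time} for handshakes that never completed."""
    pending = {}   # SYN seen, waiting for the server's SYN-ACK
    waiting = {}   # SYN-ACK sent, waiting for the client's final ACK (half-open)
    for line in lines:
        ts, src, dst, flags = parse(line)
        if flags == "SYN":
            pending[(src, dst)] = ts
        elif flags == "SYN-ACK" and (dst, src) in pending:
            del pending[(dst, src)]
            waiting[(dst, src)] = ts
        elif flags in ("ACK", "RST"):
            # client completed or reset the handshake: no longer half-open
            waiting.pop((src, dst), None)
            pending.pop((src, dst), None)
    # only entries older than max_age count; a fresh SYN-ACK may still be answered
    return {k: t for k, t in waiting.items() if now - t >= max_age}

def flag_targets(lines, now, threshold=5, max_age=3.0):
    """Count stale half-open handshakes per server endpoint; report those at or over threshold."""
    per_server = Counter(server for (_, server) in half_open(lines, now, max_age))
    return {srv: n for srv, n in per_server.items() if n >= threshold}

def sample_log():
    """Constructed log: six handshakes that never get a final ACK, plus one normal client."""
    lines = []
    for i in range(6):
        c = f"198.51.100.{i + 1}:4000{i}"
        lines += [f"100.{i}0 {c} 10.0.0.10:443 SYN",
                  f"100.{i}1 10.0.0.10:443 {c} SYN-ACK"]
    ok = "192.0.2.7:51000"
    lines += [f"100.70 {ok} 10.0.0.10:443 SYN",
              f"100.71 10.0.0.10:443 {ok} SYN-ACK",
              f"100.72 {ok} 10.0.0.10:443 ACK"]
    return lines

if __name__ == "__main__":
    print(flag_targets(sample_log(), now=110.0))
```

The age limit matters: a handshake is only counted once its SYN-ACK has gone unanswered for longer than a normal round trip, so slow but legitimate clients are not flagged.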