SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake
and opens a large number of half-open TCP connections. The signature of attack for SYN Flood
contains:
A.
The source and destination address having the same value
B.
A large number of SYN packets appearing on a network without the corresponding reply
packets
C.
The source and destination port numbers having the same value
D.
A large number of SYN packets appearing on a network with the corresponding reply packets
D – The attacker sends SYN; the target replies with SYN/ACK; but the attacker does not reply back with ACK.
I thought D as well for the exact same reason.
Answer is B.
Badly worded but from this the answer has to be D. The SYN is sent, the victim replies with a SYN/ACK but then the perp does not reply. This rules out B since there will be SYN/ACK replies.
The answer is B, even though you are correct and the SYN/ACK is sent from the victim’s side. the “without the corresponding reply” is referring to the traffic from the attacker and how it sends the first SYN but not the corresponding ACK. It is just poorly worded