🛡️ Free practice test question from: DDos attack types (Security+)

UDP Flood Attack Indicators:

→ Multiple Protocol Types Including UDP: The presence of UDP packets targeting both network and application ports suggests a UDP flood aiming to overwhelm the servers with stateless traffic.

→ Wide Range of Source IPs: Distributed sources with some spoofed IP addresses align with the nature of UDP floods, making mitigation more challenging.

→ Increased CPU Usage for Packet Processing: Handling a large volume of UDP packets without associated application processes consumes significant CPU resources (packet processing challenge)

IP Fragmentation Attack Indicators:

→ Frequent Reassembly Attempts: Logs indicating numerous fragment reassembly attempts are characteristic of IP fragmentation attacks, where attackers send fragmented packets to exhaust resources during the reassembly process.

→ Intermittent Accessibility Issues: The combined effect of UDP floods and fragmented packets can cause intermittent service disruptions, as observed during high-traffic exam periods.

A) ICMP Flood Attack and SYN Flood Attack:

While ICMP floods involve multiple small packets, SYN floods specifically target the TCP handshake process, which is not directly indicated by the presence of UDP packets and fragmented IP packets in the scenario.

B) ARP Flood Attack and DNS Flood Attack:

ARP floods target local network segments and involve ARP requests, which are not mentioned in the scenario. DNS floods focus on overwhelming DNS resolution services, which does not align with the observed mixed protocol traffic and fragmentation issues.

D) ACK Flood Attack and HTTP POST Attack:

ACK floods involve sending numerous ACK packets to overwhelm network devices, and HTTP POST attacks target application resources by sending resource-intensive POST requests. The scenario’s emphasis on UDP and fragmented IP packets does not support this combination.