Which of the following describes a TCP injection attack?
- Many TCP SYN packets are captures with the same sequence number, source, and destination IP address, but different payloads.
- there is an abnormally high volume of scanning from numerous sources
- many TCP SYN packets are captured with the same sequence number, but different source and destination IP addresses and different payloads
- an attacker performs actions slower than normal
A TCP injection attack occurs when the attacker injects data into a TCP packet. Evidence of this attack would be many TCP SYN packets captured with the same sequence number, source and destination IP address but different payloads.
In a resource exhaustion attack, the goal is to overwhelm the IPS or IDS that it cannot keep up. Therefore, it uses an abnormally high volume of scanning from numerous sources. resource exhaustion occurs when a system runs out of limited resources, such as bandwidth, RAM, or hard drive space. Without the required storage space (as an example), the system can no longer perform as expected, and crashes.
Timing attacks are those in which the operations are carried out at a much slower than normal pace to keep the IPS or IDS from assembling the operation in to a recognizable attack.
Capturing many TCP SYN packets captured with the same sequence number, but different source and destination IP address and different payloads, is possible but unlikely. It would not represent a TCP injection attack.
Objective: Attack Methods
Sub-Objective: Describe these evasion methods. Encryption and tunneling, Resource exhaustion, Traffic fragmentation, Protocol-level misinterpretation, traffic substitution and insertion, Pivot.