Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals they are not responses from internal hosts’ requests but simply responses coming from the Internet.
What could be the likely cause of this?
A.
Someone spoofed Clive’s IP address while doing a smurf attack
B.
Someone spoofed Clive’s IP address while doing a land attack
C.
Someone spoofed Clive’s IP address while doing a DoS attack
D.
Someone spoofed Clive’s IP address while doing a fraggle attack
Explanation:
The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.