What could be the most likely cause?

Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet.

What could be the most likely cause?

Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet.

What could be the most likely cause?

A.
Someone has spoofed Clive’s IP address while doing a smurf attack.

B.
Someone has spoofed Clive’s IP address while doing a land attack.

C.
Someone has spoofed Clive’s IP address while doing a fraggle attack.

D.
Someone has spoofed Clive’s IP address while doing a DoS attack.

Explanation:
The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.



Leave a Reply 0

Your email address will not be published. Required fields are marked *