Which of the following statement correctly defines ICMP Flood Attack?

Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

(exhibit)

Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

A.
Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address

B.
The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim’s network

C.
ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service

D.
A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.

Show Hint

Leave a Reply 9

Your email address will not be published. Required fields are marked *

Unethica

Unethica

Where are the zombies in the picture?

Reply

Ze

Ze

please read my comment below

Reply

helo

helo

There aren’t. The answers here are wrong. They should be B & C. DDoS icmp flood attack was never mentioned and has no place here and 2, icmp floods use echo REQUESTs, not reply’s.

Reply

Ze

Ze

Please read my comment below

Reply

Ze

Ze

There are multiple zombies mentioned in the picture “The attacker sends icmp echo requests with spoofed source ADDRESSES” so it is a DDoS.

“An ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets (“ping”) to the victim system[20]. These packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim’s network connection” [8][20]. The source IP address of the ICMP packet may also be spoofed during these attacks [8][20].

source: http://www.ukessays.co.uk/essays/english-language/a-denial-of-service.php
Under: A. DDoS Bandwidth Depletion Attacks [1][8][20]

but really I am not convinced that these are the only two answers!

Reply

Ze

Ze

Correction: they are the only two answers since A is not valid because ICMP packet MAAAY also be spoofed DURING these attacks

Reply

Gergo

Gergo

“when the zombies send large volumes of ICMP_ECHO_REPLY packets”

WTF?
Zombies send ICMP rcho request packets and the server sends back the reply.
Okay, the structure is the same except the type.

http://tools.ietf.org/html/rfc792 page 14.

Reply

Gergo

Gergo

Yeah, i found this image and the explanation. (Module 10, page 12)

After the ICMP threshold is reached, the router rejects the further ICMP echo requests from all addresses in the same security zone for the remainder of the current second and the next second as well.

Reply

Sharon Godina

Sharon Godina

Please let me know if you’re looking for a author for your weblog. You have some really good posts and I feel I would be a good asset. If you ever want to take some of the load off, I’d love to write some articles for your blog in exchange for a link back to mine. Please send me an email if interested. Thank you!

http://www.vcdesign.es/index.php/component/k2/itemlist/user/325044

Reply