Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)
A.
Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address
B.
The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim’s network
C.
ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service
D.
A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.
Where are the zombies in the picture?
please read my comment below
There aren’t. The answers here are wrong. They should be B & C. DDoS icmp flood attack was never mentioned and has no place here and 2, icmp floods use echo REQUESTs, not reply’s.
Please read my comment below
There are multiple zombies mentioned in the picture “The attacker sends icmp echo requests with spoofed source ADDRESSES” so it is a DDoS.
“An ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets (“ping”) to the victim system[20]. These packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim’s network connection” [8][20]. The source IP address of the ICMP packet may also be spoofed during these attacks [8][20].
source: http://www.ukessays.co.uk/essays/english-language/a-denial-of-service.php
Under: A. DDoS Bandwidth Depletion Attacks [1][8][20]
but really I am not convinced that these are the only two answers!
Correction: they are the only two answers since A is not valid because ICMP packet MAAAY also be spoofed DURING these attacks
“when the zombies send large volumes of ICMP_ECHO_REPLY packets”
WTF?
Zombies send ICMP rcho request packets and the server sends back the reply.
Okay, the structure is the same except the type.
http://tools.ietf.org/html/rfc792 page 14.
Yeah, i found this image and the explanation. (Module 10, page 12)
After the ICMP threshold is reached, the router rejects the further ICMP echo requests from all addresses in the same security zone for the remainder of the current second and the next second as well.
Please let me know if you’re looking for a author for your weblog. You have some really good posts and I feel I would be a good asset. If you ever want to take some of the load off, I’d love to write some articles for your blog in exchange for a link back to mine. Please send me an email if interested. Thank you!
http://www.vcdesign.es/index.php/component/k2/itemlist/user/325044