Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply
packets that are being received on the external gateway interface. Further inspection reveals that
they are not responses from the internal hosts’ requests but simply responses coming from the
Internet.
What could be the most likely cause?
A.
Someone has spoofed Clive’s IP address while doing a smurf attack.
B.
Someone has spoofed Clive’s IP address while doing a land attack.
C.
Someone has spoofed Clive’s IP address while doing a fraggle attack.
D.
Someone has spoofed Clive’s IP address while doing a DoS attack.
Explanation:
The smurf attack,named after its exploit program,is a denial-of-service attack that
uses spoofed broadcast ping messages to flood a target system. In such an attack,a perpetrator
sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses,all of it having a
spoofed source address of the intended victim. If the routing device delivering traffic to those
broadcast addresses performs the IP broadcast to layer 2 broadcast function,most hosts on that IP
network will take the ICMP echo request and reply to it with an echo reply,multiplying the traffic by
the number of hosts responding. On a multi-access broadcast network,hundreds of machines
might reply to each packet.
A