A security analyst notices a high volume of ICMP Echo Reply packets on the network. The source IPs are varied, but the destination IP is the same. Which type of attack is MOST likely occurring?
Trap 1: UDP flood
UDP flood sends many UDP packets to random ports, not ICMP packets.
Trap 2: Ping of Death
Ping of Death sends oversized ICMP packets to cause a buffer overflow, not a flood of replies.
Trap 3: ICMP flood
An ICMP flood typically sends many ICMP Echo Requests (not replies) from a single source to overwhelm the target.
- A
UDP flood
Why wrong: UDP flood sends many UDP packets to random ports, not ICMP packets.
- B
Ping of Death
Why wrong: Ping of Death sends oversized ICMP packets to cause a buffer overflow, not a flood of replies.
- C
Smurf attack
Correct. The large number of ICMP Echo Replies from multiple sources to a single target is characteristic of a Smurf attack.
- D
ICMP flood
Why wrong: An ICMP flood typically sends many ICMP Echo Requests (not replies) from a single source to overwhelm the target.