ISC2 CSSLP Exam - Topic 5 Question 105 Discussion

According to the scenario, Samantha is using the ping flood attack. In a ping flood attack, an attacker sends a large number of ICMP packets

to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large

quantities, it does not respond and hangs. However, for such an attack to take place, the attacker must have sufficient Internet bandwidth,

because if the target responds with an 'ECHO reply ICMP packet' message, the attacker must have both the incoming and outgoing

bandwidths available for communication.

Answer A is incorrect. In a smurf DoS attack, an attacker sends a large amount of ICMP echo request traffic to the IP broadcast

addresses. These ICMP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those

broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-

access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages

sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

Answer D is incorrect. In a teardrop attack, a series of data packets are sent to the target computer with overlapping offset field

values. As a result, the target computer is unable to reassemble these packets and is forced to crash, hang, or reboot.

Answer B is incorrect. In a land attack, the attacker sends a spoofed TCP SYN packet in which the IP address of the target is filled in

both the source and destination fields. On receiving the spoofed packet, the target system becomes confused and goes into a frozen state.

Now-a-days, antivirus can easily detect such an attack.