Which statement is true about a Smurf attack?
A.
It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
B.
It intercepts the third step in a TCP three-way handshake to hijack a session.
C.
It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DDoS attack.
D.
It sends ping requests in segments of an invalid size.
Explanation/Reference:
“Smurf attack” can use ICMP traffic directed to a subnet to flood a target system with ping replies.Example: in the figure below that the attacker sends a ping to the subnet broadcast
address of 172.16.0.0/16. This collection of pings instructs devices on that subnet to send
their ping replies to the target system at IP address 10.2.2.2, thus flooding the target
system’s bandwidth and processing resources.
