PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks does this prevent?

An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of
the following attacks does this prevent?

PrepAway - Latest Free Exam Questions & Answers

A.
Pharming

B.
Smurf

C.
Replay

D.
Xmas

Explanation:
A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet
broadcast address. These are special addresses that broadcast all received messages to the hostsconnected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request
can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the
attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real
sender’s address. A single attacker sending hundreds or thousands of these PING messages per second
can fill the victim’s Internet connection with ping replies, bringing their entire Internet service to its
knees. Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t
try to steal information, but instead attempt to disable a computer or network.
By disabling IP-directed broadcasts on all routers, we can prevent the smurf attack by blocking the ping
requests to broadcast addresses.
Incorrect Answers:
A: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial
related) information through domain spoofing. Rather than being spammed with malicious and
mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’
a DNS server by infusing false information into the DNS server, resulting in a user’s request being
redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes
pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time
with an e-mail while pharming allows the scammers to target large groups of people at one time through
domain spoofing. Disabling IP-directed broadcasts would not prevent this attack.
C: A replay attack is a form of network attack in which a valid data transmission is maliciously or
fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who
intercepts the data and retransmits it. Disabling IP-directed broadcasts would not prevent this attack.
D: In information technology, a Christmas (Xmas) tree packet is a packet with every single option set for
whatever protocol is in use. Christmas tree packets can be used as a method of divining the underlying
nature of a TCP/IP stack by sending the packets and awaiting and analyzing the responses. When used as
part of scanning a system, the TCP header of a Christmas tree packets has the flags SYN, FIN, URG and
PSH set. Many operating systems implement their compliance with the Internet Protocol standard (RFC
791) in varying or incomplete ways. By observing how a host responds to an odd packet, such as a
Christmas tree packet, assumptions can be made regarding the host’s operating system. Disabling IPdirected broadcasts would not prevent this attack.

http://www.webopedia.com/TERM/S/smurf.htmlhttp://www.webopedia.com/TERM/P/pharming.html
http://en.wikipedia.org/wiki/Christmas_tree_packet


Leave a Reply