What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores
into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts
again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP
address.

A.
Smurf Attack

B.
Fraggle Attack

C.
LAND Attack

D.
Replay Attack

Explanation:
In a Smurf Attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a
victim’s network broadcast address. This means that each system on the victim’s subnet receives an ICMP
ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the
spoof address provided in the packets—which is the victim’s address. All of these response packets go to the
victim system and overwhelm it because it is being bombarded with packets it does not necessarily know how
to process. The victim system may freeze, crash, or reboot.
Incorrect Answers:
B: A fraggle attack is a variation of a Smurf attack where an attacker sends a large amount of UDP traffic to
ports 7 (echo) and 19 (chargen) to an IP Broadcast Address, with the intended victim’s spoofed source IP
address.
C: A LAND attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host’s IP
address to an open port as both source and destination. This causes the machine to reply to itself continuously.
D: A replay attack (also known as playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by
an adversary who intercepts the data and retransmits it.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 587