A network analyst received a number of reports that impersonation was taking place on the network.
Session tokens were deployed to mitigate this issue and defend against which of the following attacks?
A. Replay
B. DDoS
C. Smurf
D. Ping of Death
Explanation:
A replay attack (also known as a playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. It is carried out either by the originator
or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack in
which the attacker's packets are substituted for the legitimate party's.
For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of
identity, which Alice dutifully provides (possibly after some transformation like a hash function);
meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the
interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends
Alice’s password (or hash) read from the last session, which Bob accepts thus granting access to Eve.
Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to
Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash
function of the session token appended to the password). On his side Bob performs the same
computation; if and only if both values match, the login is successful. Now suppose Eve has captured this
value and tries to use it on another session; Bob sends a different session token, and when Eve replies
with the captured value it will be different from Bob’s computation.
Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as
Bob, presenting some predicted future token, and convince Alice to use that token in her transformation.
Eve can then replay her reply at a later time (when the previously predicted token is actually presented by
Bob), and Bob will accept the authentication.
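The exchange above, worked through as an added example (this code is not part of the original explanation). It assumes a shared password, uses HMAC-SHA256 keyed with the password in place of the page's "hash of the token appended to the password", and runs two scenarios: a replay of a recorded reply against a verifier that draws random tokens, and the predicted-token attack against a verifier whose tokens are a plain counter. The names PASSWORD, Verifier, prove and the token sources are all constructed for the example.

```python
import hashlib
import hmac
import itertools
import secrets
from typing import Callable, Optional

PASSWORD = "correct horse battery staple"   # shared secret, constructed sample


def prove(password: str, token: bytes) -> bytes:
    """Alice's side: bind the password to the session token so that the
    password itself never travels. HMAC-SHA256 keyed with the password stands
    in for the page's 'hash of the token appended to the password'."""
    return hmac.new(password.encode(), token, hashlib.sha256).digest()


class Verifier:
    """Bob's side: issue one token per login attempt and check the reply."""

    def __init__(self, password: str, token_source: Callable[[], bytes]):
        self._password = password
        self._token_source = token_source
        self._pending: Optional[bytes] = None

    def issue_token(self) -> bytes:
        self._pending = self._token_source()
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        token, self._pending = self._pending, None   # a token answers one reply only
        return hmac.compare_digest(prove(self._password, token), response)


def random_tokens() -> bytes:
    """Unpredictable tokens from the OS CSPRNG (the property the page requires)."""
    return secrets.token_bytes(16)


def counter_tokens() -> Callable[[], bytes]:
    """Predictable tokens: 1, 2, 3, ... (the weakness the page warns about)."""
    counter = itertools.count(1)
    return lambda: next(counter).to_bytes(16, "big")


def replay_against_random_tokens() -> dict:
    bob = Verifier(PASSWORD, random_tokens)
    token1 = bob.issue_token()
    response1 = prove(PASSWORD, token1)        # Eve eavesdrops and records this
    alice_ok = bob.verify(response1)
    bob.issue_token()                           # new session, new token
    eve_ok = bob.verify(response1)              # Eve replays the recorded reply
    return {"alice_ok": alice_ok, "eve_replay_ok": eve_ok}


def predicted_token_attack() -> dict:
    bob = Verifier(PASSWORD, counter_tokens())
    # Session 1 is legitimate; Eve observes token 1 and infers the sequence.
    bob.verify(prove(PASSWORD, bob.issue_token()))
    predicted = (2).to_bytes(16, "big")
    # Eve poses as Bob, hands Alice the predicted token, and records her reply.
    eve_precomputed = prove(PASSWORD, predicted)
    # Later Bob really issues token 2; Eve submits the reply she already holds.
    actual = bob.issue_token()
    return {"prediction_correct": actual == predicted,
            "eve_accepted": bob.verify(eve_precomputed)}
```

The random-token run rejects the replayed reply because the second token differs from the first; the counter-token run is accepted, which is exactly the failure the passage describes, and the only defence is a token Eve cannot predict.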
One-time passwords are similar to session tokens in that the password expires after it has been used or
after a very short amount of time. They can be used to authenticate individual transactions in addition to
sessions. The technique has been widely implemented in personal online banking systems.
Bob can also send nonces but should then include a message authentication code (MAC), which Alice
should check.
Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a
secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When
Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her
message, which is also authenticated. Bob only accepts messages for which the timestamp is within a
reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-)
random numbers; the trade-off is that a replay performed quickly enough, i.e. within that 'reasonable'
tolerance, can still succeed.
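The timestamp-plus-MAC scheme, as an added example that is not part of the original explanation. It assumes Alice and Bob already share a MAC key and that Alice's estimate of Bob's clock is accurate (the clock broadcast is left out), and it checks the MAC before reading the timestamp so a tampered message is rejected regardless of its time field. KEY, TOLERANCE, make_message, accept and the sample payload are constructed for the example.

```python
import hashlib
import hmac
import struct

KEY = b"shared-mac-key-constructed-for-this-example"   # constructed sample key
TOLERANCE = 5          # seconds: Bob's 'reasonable tolerance'
TAG_LEN = 32           # HMAC-SHA256 output


def make_message(key: bytes, clock_estimate: int, payload: bytes) -> bytes:
    """Alice: message = timestamp || payload || MAC(timestamp || payload)."""
    body = struct.pack(">Q", clock_estimate) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def accept(key: bytes, now: int, msg: bytes, tolerance: int = TOLERANCE) -> bool:
    """Bob: verify the MAC first, then check the authenticated timestamp
    against his own clock."""
    if len(msg) < 8 + TAG_LEN:
        return False
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False                                  # forged or tampered
    (timestamp,) = struct.unpack(">Q", body[:8])
    return abs(now - timestamp) <= tolerance


def scenario() -> dict:
    t0 = 1_700_000_000                                # Bob's clock when Alice sends
    msg = make_message(KEY, t0, b"transfer 100 to account 42")
    # Eve tries to move the timestamp forward without knowing the key.
    forged = struct.pack(">Q", t0 + 60) + msg[8:]
    return {
        "fresh": accept(KEY, t0 + 1, msg),
        "replayed_fast": accept(KEY, t0 + 3, msg),    # inside the window: replay works
        "replayed_late": accept(KEY, t0 + 60, msg),   # outside the window: rejected
        "tampered": accept(KEY, t0 + 1, msg[:-1] + bytes([msg[-1] ^ 1])),
        "forged_timestamp": accept(KEY, t0 + 60, forged),
    }
```

The "replayed_fast" result is the trade-off the passage names: a replay inside the tolerance window is accepted. In practice Bob closes that gap by remembering the MACs he has accepted during the window and rejecting a second copy, which is an addition to the scheme as the page describes it.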
Incorrect Answers:
B: A Distributed Denial of Service (DDoS) attack is launched from many computers, often a botnet of
compromised systems, against a single target, flooding the bandwidth or resources of the targeted
system, usually one or more web servers.
One common method of attack involves saturating the target machine with external communications
requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered
essentially unavailable. Such attacks usually lead to a server overload: when a server is overloaded with
connections, new connections can no longer be accepted. Session tokens are not used to defend against
this type of attack.
C: A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet
broadcast address. These are special addresses that broadcast all received messages to the hosts
connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request
can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the
attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real
sender's address. A single attacker sending hundreds or thousands of these PING messages per second
can fill the victim's T-1 (or even T-3) line with ping replies, bringing the victim's entire Internet service to
its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to
steal information, but instead attempt to disable a computer or network. Session tokens are not used to
defend against this type of attack.
D: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise
malicious ping to a computer. A correctly formed ping message is typically 56 bytes in size, or 84 bytes
when the Internet Protocol (IP) header is considered. Historically, many computer systems could not
properly handle a ping packet larger than the maximum IPv4 packet size of 65,535 bytes. Larger packets
could crash the target computer.
In early implementations of TCP/IP, this bug was easy to exploit. This exploit affected a wide variety of
systems, including Unix, Linux, Mac, Windows, printers, and routers.
Generally, sending a 65,536-byte ping packet violates the Internet Protocol as documented in RFC 791,
but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the
packet, a buffer overflow can occur, which often causes a system crash.
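The reassembly condition described above, as an added example (not part of the original explanation). It models IPv4 fragments by their offset field and payload, computes the datagram length a reassembler that trusts the offsets would try to produce, and shows the bounds check a fixed reassembler applies before copying: any fragment that would end beyond 65,535 bytes is refused. Fragment, fragment_end, naive_total_length, reassemble and constructed_train are constructed for the example; the fragment sizes assume a 1,500-byte Ethernet MTU.

```python
from dataclasses import dataclass
from typing import List, Optional

IPV4_MAX_LENGTH = 65535                               # RFC 791: 16-bit total-length field
IPV4_HEADER_LENGTH = 20                               # minimum header, no options
MAX_PAYLOAD = IPV4_MAX_LENGTH - IPV4_HEADER_LENGTH    # 65,515 bytes of IP payload


@dataclass
class Fragment:
    offset_units: int     # fragment-offset field, in 8-byte units as on the wire
    payload: bytes        # this fragment's slice of the IP payload


def fragment_end(frag: Fragment) -> int:
    """Where this fragment's data ends in the reassembled datagram, counted
    from the start of the IP header."""
    return IPV4_HEADER_LENGTH + frag.offset_units * 8 + len(frag.payload)


def naive_total_length(fragments: List[Fragment]) -> int:
    """What a reassembler that trusts the offsets would try to build. Anything
    above IPV4_MAX_LENGTH is a write past a 65,535-byte reassembly buffer,
    which is the ping-of-death overflow."""
    return max(fragment_end(f) for f in fragments)


def reassemble(fragments: List[Fragment]) -> Optional[bytes]:
    """Checked reassembly: refuse any fragment that would land data beyond the
    largest legal IPv4 datagram before copying anything into the buffer."""
    buf = bytearray(MAX_PAYLOAD)
    highest = 0
    for f in fragments:
        if fragment_end(f) > IPV4_MAX_LENGTH:
            return None                               # drop the whole datagram
        start = f.offset_units * 8
        buf[start:start + len(f.payload)] = f.payload
        highest = max(highest, start + len(f.payload))
    return bytes(buf[:highest])


def constructed_train(total_payload: int, mtu_payload: int = 1480) -> List[Fragment]:
    """Constructed sample: split total_payload bytes of IP payload into
    MTU-sized fragments (1480 = 1500-byte MTU minus a 20-byte IP header).
    Each fragment on its own is a perfectly legal packet."""
    frags = []
    offset = 0
    while offset < total_payload:
        size = min(mtu_payload, total_payload - offset)
        frags.append(Fragment(offset // 8, b"\x41" * size))
        offset += size
    return frags
```

A train carrying 65,515 payload bytes reassembles to exactly 65,535 bytes with the header and is accepted; one more byte pushes the last fragment's end to 65,536, which the naive length calculation happily reports and the checked reassembler rejects.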
Later a different kind of ping attack became widespread—ping flooding simply floods the victim with so
much ping traffic that normal traffic fails to reach the system, a basic denial-of-service attack.
Session tokens are not used to defend against this type of attack.
References:
http://en.wikipedia.org/wiki/Replay_attack
http://www.webopedia.com/TERM/S/smurf.html
http://en.wikipedia.org/wiki/Ping_of_death