Which of the following attacks impact the availability of a system? (Select TWO).

A.
Smurf

B.
Phishing

C.
Spim

D.
DDoS

E.
Spoofing

Explanation:
A smurf attack is a type of network security breach in which a network connected to the Internet is
swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet
broadcast address. These are special addresses that broadcast all received messages to the hosts
connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request
can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the
attacker’s victim. All the hosts receiving the PING request reply to this victim’s address instead of the real
sender’s address. A single attacker sending hundreds or thousands of these PING messages per second
can fill the victim’s T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to
steal information, but instead attempt to disable a computer or network.
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a
single computer.
One common method of attack involves saturating the target machine with external communications
requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered
essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or
resources of a targeted system, usually one or more web servers. Such an attack is often the result of
multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a
server is overloaded with connections, new connections can no longer be accepted. The major
advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can
generate more attack traffic than one machine, multiple attack machines are harder to turn off than oneattack machine, and that the behavior of each attack machine can be stealthier, making it harder to track
and shut down. These attacker advantages cause challenges for defense mechanisms. For example,
merely purchasing more incoming bandwidth than the current volume of the attack might not help,
because the attacker might be able to simply add more attack machines. This after all will end up
completely crashing a website for periods of time.
Incorrect Answers:
B: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used for
identity theft. Phishing does not impact the availability of a system.
C: SPIM is a term sometimes used to refer to spam over IM (Instant Messaging). It consists of unwanted
messages transmitted through some form of instant messaging service. SPIM does not impact the
availability of a system.
E: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource
locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone. Spoofing
does not impact the availability of a system.

http://www.webopedia.com/TERM/S/smurf.html
http://en.wikipedia.org/wiki/Denial-of-service_attack