Which of the following attacks impact the availability of a system? (Choose two.)
A smurf attack is a type of network security breach in which a network connected to the Internet is swamped
with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcastaddress. These are special addresses that broadcast all received messages to the hosts connected to the
subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255
times. The return address of the request itself is spoofed to be the address of the attacker’s victim. All the hosts
receiving the PING request reply to this victim’s address instead of the real sender’s address. A single attacker
sending hundreds or thousands of these PING messages per second can fill the victim’s T-1 (or even T-3) line
with ping replies, bring the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to steal
information, but instead attempt to disable a computer or network.
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single
One common method of attack involves saturating the target machine with external communications requests,
so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially
unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of
a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised
systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with
connections, new connections can no longer be accepted. The major advantages to an attacker of using a
distributed denial-of-service attack are that multiple machines can generate more attack traffic than one
machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of
each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages
cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than
the current volume of the attack might not help, because the attacker might be able to simply add more attack
machines. This after all will end up completely crashing a website for periods of time.