Which of the following BEST describes the type of attack that is occurring?
Man in the middle
Ping of Death
The exhibit shows that all the computers on the network are being ‘pinged’. This indicates that the ping requestwas sent to the network broadcast address. We can also see that all the replies were received by one (probably
with a spoofed address) host on the network. This is typical of a smurf attack.
A smurf attack is a type of network security breach in which a network connected to the Internet is swamped
with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast
address. These are special addresses that broadcast all received messages to the hosts connected to the
subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255
times. The return address of the request itself is spoofed to be the address of the attacker’s victim. All the hosts
receiving the PING request reply to this victim’s address instead of the real sender’s address. A single attacker
sending hundreds or thousands of these PING messages per second can fill the victim’s T-1 (or even T-3) line
with ping replies, bring the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks — security attacks that don’t try to steal
information, but instead attempt to disable a computer or network.