nerdexam
EC-Council

312-50V10 · Question #353

What is a successful method for protecting a router from potential smurf attacks?

The correct answer is D. Disabling the router from accepting broadcast ping messages. Smurf attacks amplify ICMP traffic by sending echo requests to a network broadcast address, so disabling the router's acceptance of directed broadcast pings eliminates the amplification vector.

Denial of Service

Question

What is a successful method for protecting a router from potential smurf attacks?

Options

  • APlacing the router in broadcast mode
  • BEnabling port forwarding on the router
  • CInstalling the router outside of the network's firewall
  • DDisabling the router from accepting broadcast ping messages

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    4% (1)
  • D
    92% (22)

Why each option

Smurf attacks amplify ICMP traffic by sending echo requests to a network broadcast address, so disabling the router's acceptance of directed broadcast pings eliminates the amplification vector.

APlacing the router in broadcast mode

Placing the router in broadcast mode would increase its exposure to smurf amplification rather than protect it, as it would forward broadcast traffic more aggressively.

BEnabling port forwarding on the router

Enabling port forwarding is a NAT feature unrelated to ICMP broadcast amplification and provides no defense against smurf attacks.

CInstalling the router outside of the network's firewall

Moving the router outside the firewall increases its attack surface and does not prevent it from being used as a smurf amplifier for internal hosts.

DDisabling the router from accepting broadcast ping messagesCorrect

In a smurf attack, an attacker sends ICMP echo requests to a subnet's broadcast address with the victim's IP spoofed as the source, causing all hosts on that subnet to reply to the victim. Disabling directed broadcast on the router's interface (e.g., 'no ip directed-broadcast' in Cisco IOS) prevents the router from forwarding these broadcast ping messages into the network, removing the amplification mechanism entirely. This is the industry-standard mitigation for smurf attacks.

Concept tested: Smurf attack mitigation via directed broadcast disable

Source: https://www.cisco.com/c/en/us/support/docs/ip/transmission-control-protocol-tcp/13764-10.html

Topics

#smurf attack#ICMP broadcast#DoS mitigation#amplification attack

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice