312-50V10 · Question #353
What is a successful method for protecting a router from potential smurf attacks?
The correct answer is D. Disabling the router from accepting broadcast ping messages. Smurf attacks amplify ICMP traffic by sending echo requests to a network broadcast address, so disabling the router's acceptance of directed broadcast pings eliminates the amplification vector.
Question
What is a successful method for protecting a router from potential smurf attacks?
Options
- APlacing the router in broadcast mode
- BEnabling port forwarding on the router
- CInstalling the router outside of the network's firewall
- DDisabling the router from accepting broadcast ping messages
How the community answered
(24 responses)- A4% (1)
- B4% (1)
- D92% (22)
Why each option
Smurf attacks amplify ICMP traffic by sending echo requests to a network broadcast address, so disabling the router's acceptance of directed broadcast pings eliminates the amplification vector.
Placing the router in broadcast mode would increase its exposure to smurf amplification rather than protect it, as it would forward broadcast traffic more aggressively.
Enabling port forwarding is a NAT feature unrelated to ICMP broadcast amplification and provides no defense against smurf attacks.
Moving the router outside the firewall increases its attack surface and does not prevent it from being used as a smurf amplifier for internal hosts.
In a smurf attack, an attacker sends ICMP echo requests to a subnet's broadcast address with the victim's IP spoofed as the source, causing all hosts on that subnet to reply to the victim. Disabling directed broadcast on the router's interface (e.g., 'no ip directed-broadcast' in Cisco IOS) prevents the router from forwarding these broadcast ping messages into the network, removing the amplification mechanism entirely. This is the industry-standard mitigation for smurf attacks.
Concept tested: Smurf attack mitigation via directed broadcast disable
Source: https://www.cisco.com/c/en/us/support/docs/ip/transmission-control-protocol-tcp/13764-10.html
Topics
Community Discussion
No community discussion yet for this question.