312-50V11 · Question #353
What is a successful method for protecting a router from potential smurf attacks?
The correct answer is D. Disabling the router from accepting broadcast ping messages. A smurf attack exploits ICMP broadcast amplification to flood a victim with traffic. Disabling broadcast ping acceptance on the router stops the router from forwarding these amplified ICMP replies.
Question
What is a successful method for protecting a router from potential smurf attacks?
Options
- APlacing the router in broadcast mode
- BEnabling port forwarding on the router
- CInstalling the router outside of the network's firewall
- DDisabling the router from accepting broadcast ping messages
How the community answered
(28 responses)- A4% (1)
- B4% (1)
- D93% (26)
Why each option
A smurf attack exploits ICMP broadcast amplification to flood a victim with traffic. Disabling broadcast ping acceptance on the router stops the router from forwarding these amplified ICMP replies.
Placing a router in broadcast mode would amplify the attack by increasing the number of hosts that respond to broadcast pings, worsening the impact.
Port forwarding redirects specific TCP/UDP traffic to internal hosts and has no effect on ICMP broadcast amplification used in smurf attacks.
Installing the router outside the firewall increases its exposure to attack rather than protecting it from smurf-style broadcast flooding.
A smurf attack works by sending spoofed ICMP echo requests to a network broadcast address, causing all hosts to reply to the victim. Disabling the router from accepting or forwarding directed broadcast ping messages eliminates the amplification mechanism entirely, preventing the attack from succeeding.
Concept tested: Mitigating ICMP smurf amplification attacks
Source: https://www.cisco.com/c/en/us/support/docs/ip/ip-multicast/13786-20.html
Topics
Community Discussion
No community discussion yet for this question.