312-50V9 · Question #128
What is a successful method for protecting a router from potential smurf attacks?
The correct answer is D. Disabling the router from accepting broadcast ping messages. A smurf attack exploits directed broadcasts to amplify ICMP traffic against a victim, and disabling broadcast ping acceptance on the router eliminates the amplification vector.
Question
What is a successful method for protecting a router from potential smurf attacks?
Options
- APlacing the router in broadcast mode
- BEnabling port forwarding on the router
- CInstalling the router outside of the network's firewall
- DDisabling the router from accepting broadcast ping messages
How the community answered
(31 responses)- A16% (5)
- B10% (3)
- C3% (1)
- D71% (22)
Why each option
A smurf attack exploits directed broadcasts to amplify ICMP traffic against a victim, and disabling broadcast ping acceptance on the router eliminates the amplification vector.
Placing the router in broadcast mode would increase its participation in broadcast traffic, worsening exposure to smurf-style amplification attacks rather than mitigating them.
Enabling port forwarding on the router is unrelated to smurf attacks and does nothing to block ICMP directed broadcast amplification.
Installing the router outside the firewall changes its network position but does not address the core mechanism of smurf attacks, which rely on directed broadcast processing regardless of placement.
In a smurf attack, the attacker sends ICMP echo requests to a network broadcast address with the victim's IP spoofed as the source, causing all hosts to reply to the victim. Disabling the router from processing directed broadcast ICMP messages - via commands like 'no ip directed-broadcast' on Cisco IOS - prevents the router from forwarding these amplified replies, neutralizing the attack at its source.
Concept tested: Smurf attack mitigation via directed broadcast disabling
Source: https://www.cisco.com/c/en/us/support/docs/ip/internet-control-message-protocol-icmp/13787-39.html
Topics
Community Discussion
No community discussion yet for this question.