GPEN Question #80: Real Exam Question with Answer & Explanation

The correct answers are C and D:

  • C. It may show smurf DoS attack in the network IDS of the victim.
  • D. It leads to scanning of all the IP addresses on that subnet at the same time.

Question

What happens when you scan a broadcast IP address of a network? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. It will show an error in the scanning process.
  • B. Scanning of the broadcast IP address cannot be performed.
  • C. It may show smurf DoS attack in the network IDS of the victim.
  • D. It leads to scanning of all the IP addresses on that subnet at the same time.

Explanation

Scanning a network's broadcast IP address sends probes to all hosts on the subnet simultaneously and can trigger IDS alerts for smurf attack patterns due to the amplified ICMP response behavior.

Common mistakes.

  • A. Scanning a broadcast address does not produce a scanner error - most scanning tools will process the address and send packets normally, potentially receiving responses from multiple hosts.
  • B. Scanning a broadcast IP address is technically possible and frequently performed; there is no inherent mechanism that prevents a scanner from sending packets to a broadcast address.

Concept tested. Broadcast IP scanning behavior and smurf attack detection

Reference. https://www.cisa.gov/uscert/ncas/alerts/TA14-017A
