SY0-301 Question #320: Real Exam Question with Answer & Explanation
The correct answer is B: Disabling directed broadcast on border routers.
Question
Options
- A. Allowing necessary UDP packets in and out of the network
- B. Disabling directed broadcast on border routers
- C. Disabling unused services on the gateway firewall
- D. Flash the BIOS with the latest firmware
Explanation
A smurf attack is a DDoS amplification technique: the attacker sends ICMP echo requests (pings) to a network's broadcast address with the victim's IP spoofed as the source. Every host on that network replies to the victim, flooding it. The amplifier that makes this possible is the router forwarding packets to the broadcast address. Disabling IP directed broadcast on border routers (as recommended in RFC 2644) causes the router to drop packets destined for the subnet broadcast address, eliminating the amplification mechanism entirely. Allowing UDP traffic, disabling unused services, and flashing the BIOS all address different threat categories and have no direct effect on ICMP broadcast amplification.
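The drop decision described above can be modelled in a few lines. This is an added example, not part of the original question or of any router's code; the interface names and the documentation-range addresses are constructed, and ordinary unicast routing is not modelled.

```python
import ipaddress

# Constructed border-router interfaces (documentation address ranges).
INTERFACES = {
    "wan0": ipaddress.ip_network("203.0.113.0/30"),
    "lan0": ipaddress.ip_network("192.0.2.0/25"),
    "p2p0": ipaddress.ip_network("198.51.100.0/31"),
}


def directed_broadcast_target(dst, ingress_if, interfaces=INTERFACES):
    """Return the interface whose subnet broadcast address dst is, or None."""
    dst = ipaddress.ip_address(dst)
    for name, net in interfaces.items():
        if name == ingress_if:
            continue  # a broadcast on the arrival link is local, not directed
        if net.prefixlen >= 31:
            continue  # /31 (RFC 3021) and /32 links have no broadcast address
        if dst == net.broadcast_address:
            return name
    return None


def route_decision(dst, ingress_if, allow_directed_broadcast=False,
                   interfaces=INTERFACES):
    """Return (action, egress interface, hosts that could answer the packet)."""
    target = directed_broadcast_target(dst, ingress_if, interfaces)
    if target is None:
        return ("normal", None, 0)   # not a directed broadcast
    if not allow_directed_broadcast:
        return ("drop", target, 0)   # hardened setting: no amplification
    # Every usable host address on the subnet may reply to the spoofed source.
    responders = interfaces[target].num_addresses - 2
    return ("broadcast", target, responders)


if __name__ == "__main__":
    for dst, ingress, allow in [
        ("192.0.2.127", "wan0", True),    # weak setting: forwarded to the LAN
        ("192.0.2.127", "wan0", False),   # hardened setting: dropped at the border
        ("192.0.2.127", "lan0", False),   # local broadcast, never crosses the router
        ("198.51.100.1", "wan0", False),  # last address of a /31 is a host
    ]:
        print(dst, ingress, allow, route_decision(dst, ingress, allow))
```

With directed broadcast enabled, a single packet arriving on `wan0` for `192.0.2.127` can draw replies from up to 126 hosts; with it disabled, the same packet is dropped before it reaches the subnet.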