An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?
ICMP packets larger than 65,536 bytes indicate a 'Ping of death' attack. This attack involves sending oversized ICMP packets to a target system, causing it to crash, freeze, or become unstable due to handling errors in processing the oversized packets.
B > https://www.cloudflare.com/learning/ddos/ping-of-death-ddos-attack/
The ping of death (PoD) attack is a DDoS attack that sends out abnormally large packets in order to disrupt a web server.
The correct answer is B. Ping of death. ICMP (Internet Control Message Protocol) packets larger than 65,536 bytes are indicative of a "Ping of Death" attack. This type of attack involves sending malformed or malicious ICMP packets, specifically echo request (ping) packets, that exceed the maximum allowed size (65,536 bytes). This can cause the target system to crash, freeze, or become unstable. Here's a brief overview of the other options:
A. Smurf attack: a type of DDoS attack that uses ICMP echo requests (pings) to flood a network, but the packets are typically not larger than 65,536 bytes.
C. Fraggle attack: a type of DDoS attack that uses UDP packets, not ICMP packets, to flood a network.
D. Nmap scan: a network scanning tool used for discovery and exploration, which typically doesn't involve sending large ICMP packets.