ICMP Inverse Mapping Attack | CCIE Security Exam 400-251

Which Pair of ICMP Messages is Used in an Inverse Mapping Attack?

Prev Question Next Question

Question

Which pair of ICMP messages is used in an inverse mapping attack?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

D.

An inverse mapping attack, also known as a smurf attack, is a type of DDoS (Distributed Denial of Service) attack that takes advantage of the ICMP protocol.

The attack works by sending a large number of ICMP echo requests (also known as ping requests) to a broadcast address, using the spoofed IP address of the victim. This causes all the hosts on the network to respond to the victim's IP address with ICMP echo replies, overwhelming the victim's network and causing a denial of service.

The correct answer for the pair of ICMP messages used in an inverse mapping attack is E. Echo-Host Unreachable.

Explanation:

  • A. Echo-Echo Request: This pair of ICMP messages is not used in an inverse mapping attack. Echo request and Echo reply are used for testing network connectivity between two hosts.

  • B. Route Solicitation-Time Exceeded: This pair of ICMP messages is not used in an inverse mapping attack. Route solicitation and Time exceeded messages are used in the context of IPv6 routing.

  • C. Echo-Time Exceeded: This pair of ICMP messages is not used in an inverse mapping attack. Echo request and Time exceeded messages are used for troubleshooting network issues such as determining the network latency or packet loss.

  • D. Echo Reply-Host Unreachable: This pair of ICMP messages is not used in an inverse mapping attack. Echo request and Echo reply messages are used for testing network connectivity between two hosts, while Host unreachable messages are used to indicate that the destination host is not reachable.

  • E. Echo-Host Unreachable: This pair of ICMP messages is used in an inverse mapping attack. The attacker sends a large number of ICMP echo requests (also known as ping requests) to a broadcast address, using the spoofed IP address of the victim. All hosts on the network will reply to the victim's IP address with ICMP Host unreachable messages, causing a denial of service.

In summary, the correct answer for the pair of ICMP messages used in an inverse mapping attack is E. Echo-Host Unreachable.