
Cisco 350-701: Which DoS attack uses fragmented packets in an attempt to crash a target machine?

Question

Which DoS attack uses fragmented packets in an attempt to crash a target machine?

A. teardrop
B. smurf
C. LAND
D. SYN flood

Answer

A. teardrop

Explanation

The correct answer is A. teardrop.

A teardrop attack is a type of denial-of-service (DoS) attack that uses fragmented packets in an attempt to crash a target machine. The attacker sends fragmented packets to the target machine, and in some cases, where the target's TCP/IP implementation has a reassembly vulnerability, the server is unable to reassemble the packet, causing overload.

The other options are DoS attacks, but they do not rely on fragmented packets:

  • Smurf is a DoS attack that uses a network broadcast address to send a large number of ICMP echo requests to a target machine. This can overwhelm the target machine’s network interface and cause it to crash.
  • LAND is a DoS attack that sends an IP packet with the source and destination addresses both set to the target machine’s address. This can cause the target machine to crash or become unresponsive.
  • SYN flood is a DoS attack that sends a large number of TCP SYN packets to a target machine. This can overwhelm the target machine’s resources and prevent it from responding to legitimate requests.

In summary, the teardrop attack is the only DoS attack in the options that uses fragmented packets. This attack can be used to crash a target machine by sending fragmented packets that the target machine is unable to reassemble.

Here are some additional details about the teardrop attack:

  • The teardrop attack was first discovered in 1997.
  • The attack is named after the way that the fragmented packets overlap, causing the target machine to “tear” when it tries to reassemble them.
  • The teardrop attack was particularly effective against older operating systems, such as Windows 95 and Windows NT.
  • There are a number of ways to protect against the teardrop attack, including:
    • Filtering fragmented packets at the firewall.
    • Patching the operating system to fix the TCP/IP fragmentation reassembly bug.
    • Using a DoS protection service.
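
A defensive check for the overlapping fragments described above, as an added example that is not part of the original page: it parses IPv4 headers and reports datagrams whose fragments claim the same byte range, the condition a fragment filter can drop or alert on. The function names, sample packets and addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_fragment(packet: bytes):
    """Return (datagram key, payload start, payload end, MF flag) for one IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_off, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    start = (flags_off & 0x1FFF) * 8      # fragment offset is stored in 8-byte units
    end = start + (total_len - ihl)       # exclusive end of this fragment's payload
    more = bool(flags_off & 0x2000)       # MF (more fragments) flag
    return (src, dst, proto, ident), start, end, more

def find_overlaps(packets):
    """Report (ip_id, start, end) byte ranges claimed by more than one fragment."""
    by_datagram = defaultdict(list)
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start or more:                 # skip packets that are not fragments
            by_datagram[key].append((start, end))
    findings = []
    for key, spans in by_datagram.items():
        spans.sort()
        covered = spans[0][1]
        for start, end in spans[1:]:
            if start < covered:           # begins inside data already received
                findings.append((key[3], start, min(end, covered)))
            covered = max(covered, end)
    return findings

def sample_fragment(ident, offset, payload_len, more):
    # Constructed header for the sample data: documentation addresses, zero
    # checksum (the parser above does not verify it), zero-filled payload.
    flags_off = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_off, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

SAMPLE = [  # constructed capture: one clean datagram, one with overlapping fragments
    sample_fragment(0x1111, 0, 24, True), sample_fragment(0x1111, 24, 16, False),
    sample_fragment(0x2222, 0, 32, True), sample_fragment(0x2222, 24, 8, False),
]

if __name__ == "__main__":
    print(find_overlaps(SAMPLE))
```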
