An investigator is searching through firewall logs and notices ICMP packets larger than 65,536 bytes. What type of activity is this?

Multiple Choice

Explanation:
Oversized ICMP packets point to a Ping of Death attack. In IPv4, the IP total length field maxes out at 65,535 bytes. A Ping of Death tool or attacker attempts to send ICMP Echo Request packets that exceed this limit, often by abusing fragmentation or crafting malformed packets, which can crash or destabilize the target system. Seeing such large ICMP packets in firewall logs is a classic indicator of this attack type. This differs from a Smurf attack, which floods a victim by spoofing ICMP Echo Requests to a broadcast address; a Fraggle attack, which uses UDP Echo to flood; or a general Nmap scan, which is about discovering hosts and services rather than sending oversized ICMP payloads.
