An investigator is searching through firewall logs and notices ICMP packets larger than 65,536 bytes. What type of activity is this?


Multiple Choice


Explanation:
Oversized ICMP packets point to a Ping of Death attack. In IPv4, the IP total length field is 16 bits wide, so a packet can be at most 65,535 bytes. In a Ping of Death attack, the attacker sends ICMP Echo Request packets that exceed this limit, typically by sending fragments whose reassembled size is larger than 65,535 bytes or by crafting otherwise malformed packets; reassembling them can crash or destabilize a vulnerable target. Seeing such oversized ICMP packets in firewall logs is a classic indicator of this attack type. This differs from a Smurf attack, which floods a victim by spoofing ICMP Echo Requests to a broadcast address; a Fraggle attack, which floods with UDP Echo instead; and a general Nmap scan, which is about discovering hosts and services rather than sending oversized ICMP payloads.

