Computer Hacking Forensic Investigator (CHFI v10) — Question 359

An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

Answer options

Correct answer: B

Explanation

The correct answer is B: a Ping of Death attack sends malformed ICMP packets that exceed the maximum allowed size, which can cause target systems to crash. Option A, Smurf, is a different type of ICMP attack that amplifies traffic using spoofed source addresses. Option C, Fraggle, is similar to Smurf but uses UDP instead of ICMP. Option D, an Nmap scan, is produced by a legitimate network scanning tool and does not generate oversized ICMP packets.