Exam 312-49v10 topic 1 question 60 discussion

A. ICMP header field

A. ICMP Header field The Ping of Death specifically exploits vulnerabilities in the handling of Internet Control Message Protocol (ICMP) packets. ICMP is used for diagnostic or control purposes and is typically used by network utilities such as ping. The Ping of Death attack involves sending an ICMP packet that exceeds the maximum allowable size, causing buffer overflows and potentially crashing the target system.

The "Ping of Death" is a well-known hacker exploit that involves the Internet Control Message Protocol (ICMP), which is not part of the TCP/IP header but is a separate protocol that operates alongside the TCP/IP stack. In the Ping of Death attack, a hacker sends an oversized or malformed ICMP Echo Request packet (ping) to a target host. The oversized packet can cause buffer overflows or other vulnerabilities in the target's network stack, leading to system instability, crashes, or even potential security breaches. The ICMP Echo Request and Echo Reply messages are commonly used for network troubleshooting, such as the "ping" command that checks the reachability of a host on an IP network. However, when an oversized or specially crafted ICMP Echo Request is sent as part of a Ping of Death attack, it can exploit vulnerabilities in the target system's handling of ICMP packets. --> ICMP header field

The question is in referrence to the following. In 2013, an IPv6 version of the ping of death vulnerability was discovered in Microsoft Windows. Windows TCP/IP stack did not handle memory allocation correctly when processing incoming malformed ICMPv6 packets, which could cause remote denial of service.

The correct answer is A. ICMP header field. The hacker exploit known as the Ping of Death involves manipulating the Internet Control Message Protocol (ICMP) header field in the TCP/IP protocol stack. ICMP is used for diagnostic and error-reporting purposes in IP networks. The Ping of Death attack involves sending an oversized or malformed ICMP packet to a target device, causing it to crash or become unresponsive. Therefore, the ICMP header field (option A) is the header field in the TCP/IP protocol stack that is associated with the Ping of Death exploit.

Ping is handled via ICMP, not TCP or UDP.

A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. A correctly formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 bytes including Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol.

Agreed ICMP header should be the answer