Which of the following attacks is not classified as a network layer attack?

The classification of network layer attacks is primarily based on their functionality within the network protocols defined by the TCP/IP model. In this context, ARP spoofing is often considered a link layer attack rather than a network layer attack. This distinction stems from the role of ARP (Address Resolution Protocol), which operates at the data link layer, facilitating the mapping of IP addresses to MAC addresses within a local network.

IP spoofing attacks typically involve sending IP packets from a false (or "spoofed") source address, concealing the actual sender’s identity and typically exploiting trust relationships in network communications, thereby fitting within the network layer. Smurf attacks harness ICMP to flood a target with requests, amplifying the traffic and overwhelming it, which is also aligned with network layer tactics. Similarly, attacks using ICMP functions, like ping floods, are associated with the network layer as they involve transmission control over IP networks.

Therefore, identifying ARP spoofing as a non-network layer attack is based on its operation within the link layer technology rather than the broader networking principles applied at the network layer. This understanding helps clarify the nature of various attacks and reinforces the importance of recognizing the protocols involved in specific attack vectors.