Smurf Attack
Let's talk a bit about what a Smurf Attack is, and how it can be used to attack remote computers and networks and render them non-functional.
The Smurf Attack is an ICMP-based Denial of Service attack. Two parties are affected: the vulnerable remote network (and its computers) that is used to launch the attack, and the target (victim) computer that is severely affected by it. In a smurf attack, the exploit software (known as "smurf") sends a large number of ICMP packets towards a given network, using IP broadcast addresses. The trick is that the packets are forged: they carry the spoofed source address of the victim computer. Misconfigured or low-quality routers may then perform the broadcast inside the network, and as a result every host in the local network that receives the ICMP request (an ICMP Echo Request is used) responds by sending ICMP responses to the victim's IP address.
Because a local network can contain hundreds of computers that take part in the attack in this way, the resulting traffic flow can be deadly for the victim computer. In effect, the traffic generated by the attacker is sent back to the victim multiplied by the number of active hosts on the network that respond. It is therefore important to understand that even a home user with a cable connection has enough bandwidth to successfully launch such an attack against many victim computers or networks.
To protect your network from such attacks, make sure your routers are properly configured and able to block spoofed ICMP, for example by performing return path checks against the routing table. Also make sure that directed broadcasts are not possible, if your router can be configured with such an option, as this blocks the attack. A good router nowadays may block forwarding of directed broadcasts by default. If you are unsure what to do, refer to network security consultants for network analysis and recommendations.
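
The two router checks described above, modelled as an added example (not code from the original page). The routing table, interface names and addresses are constructed sample data using documentation address ranges, and `filter_packet` is a hypothetical name.

```python
import ipaddress

# Constructed sample data: routing table (prefix -> egress interface) and
# the subnets directly attached to this hypothetical router.
ROUTES = {
    "0.0.0.0/0": "wan0",
    "192.0.2.0/24": "lan0",
    "198.51.100.0/25": "lan1",
}
ATTACHED = ["192.0.2.0/24", "198.51.100.0/25"]

def best_route(addr, routes=ROUTES):
    """Longest-prefix match: return the interface used to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def is_directed_broadcast(dst, attached=ATTACHED):
    """True if dst is the broadcast address of a directly attached subnet."""
    ip = ipaddress.ip_address(dst)
    return any(ip == ipaddress.ip_network(n).broadcast_address for n in attached)

def filter_packet(src, dst, in_ifc):
    """Return (verdict, reason) for a packet arriving on interface in_ifc."""
    # Return path check: the route back to src must leave via in_ifc,
    # otherwise the source address cannot be genuine on that interface.
    if best_route(src) != in_ifc:
        return ("drop", "source fails return path check")
    # A broadcast aimed at an attached subnet from a different interface is a
    # directed broadcast; refusing to forward it removes the amplification.
    if is_directed_broadcast(dst) and best_route(dst) != in_ifc:
        return ("drop", "directed broadcast")
    return ("accept", "ok")
```

Note that a packet arriving on `wan0` with an outside source passes the return path check even when that source is spoofed, which is why the directed broadcast rule is needed as well.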
This information is provided without any warranties of any kind. Use it at your own risk.
