The smurf attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system. A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ... In computer networking, the term Internet Protocol spoofing (IP spoofing) is the creation of IP packets with a forged (spoofed) source IP address. ... ping in a Windows 2000 command window ping is a computer network tool used to test whether a particular host is reachable across an IP network. ...
In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, potentially hundreds of machines might reply to each packet. The Internet Control Message Protocol (ICMP) is part of the Internet protocol suite and defined in RFC 792. ... The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork. ...
Several years ago, most IP networks could lend themselves thus to smurf attacks -- in the lingo, they were "smurfable". Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain smurfable. [1]
To secure a network with a Cisco router from taking part in a smurf attack, it suffices to issue the router command: Cisco Systems, Inc. ...
A denial-of-serviceattack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
Specific means of attack include: a smurfattack, in which excessive ICMP requests are broadcast to an entire network; bogus HTTP requests on the World Wide Web; incorrectly formed packets; and random traffic.
In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and direct the attack, often through a botnet.
The attack described in this advisory is different from the denial-of-serviceattacks described in CERT advisory CA-97.28.
In the "smurf"attack, attackers are using ICMP echo request packets directed to IP broadcast addresses from remote locations to generate denial-of-serviceattacks.
Attacks like the smurfattack rely on the use of forged packets, that is, packets for which the attacker deliberately falsifies the origin address.
Feeds |
Contact