Smurf attack

From Wikipedia, the free encyclopedia

The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system.

In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it carrying a spoofed source address: that of the intended victim. If the routing device delivering traffic to those broadcast addresses converts the IP broadcast into a layer 2 broadcast, most hosts on that IP network will receive the ICMP echo request and answer it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.

Several years ago, most IP networks were vulnerable to smurf attacks; they were "smurfable". Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain smurfable.[1][2]

To secure a network with a Cisco router from taking part in a smurf attack, it suffices to issue the router command:

no ip directed-broadcast
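The amplification pattern described above can be spotted from inside a network that is being used as the amplifier. The following is an added example, not part of the original article: it flags echo requests addressed to a local subnet's broadcast address and counts how many hosts answered the claimed source. The subnet, the addresses (documentation ranges) and the packet tuples are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Assumption: the subnet this sensor protects (TEST-NET-1, documentation range).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def is_directed_broadcast(dst, nets=LOCAL_NETS):
    """True if dst is the broadcast (or legacy all-zeros) address of a local subnet."""
    addr = ipaddress.ip_address(dst)
    return any(
        n.prefixlen < 31  # /31 and /32 have no broadcast address
        and addr in (n.broadcast_address, n.network_address)
        for n in nets
    )

def find_smurf_amplification(packets, nets=LOCAL_NETS, min_responders=3):
    """Return {claimed_source: responder_count} for broadcast pings that were amplified.

    packets: iterable of (src, dst, icmp_type) in capture order.
    """
    triggers = set()               # sources named in broadcast echo requests
    responders = defaultdict(set)  # claimed source -> local hosts that replied
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and is_directed_broadcast(dst, nets):
            triggers.add(src)
        elif icmp_type == ECHO_REPLY and dst in triggers:
            responders[dst].add(src)
    return {v: len(r) for v, r in responders.items() if len(r) >= min_responders}

# Constructed sample capture: one ordinary unicast ping, then one broadcast ping
# whose source field names 198.51.100.7, answered by four local hosts.
SAMPLE = [
    ("203.0.113.5", "192.0.2.10", ECHO_REQUEST),
    ("192.0.2.10", "203.0.113.5", ECHO_REPLY),
    ("198.51.100.7", "192.0.2.255", ECHO_REQUEST),
    ("192.0.2.10", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.11", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.12", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.13", "198.51.100.7", ECHO_REPLY),
]

if __name__ == "__main__":
    for victim, count in find_smurf_amplification(SAMPLE).items():
        print(f"{victim}: {count} local hosts replied to a broadcast ping")
```

With directed broadcasts disabled on the router, the triggering request never reaches the subnet as a layer 2 broadcast, so a non-empty result points to an interface where the setting is missing.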

References

  1. netscan.org
  2. netscan.org (Web Archive)
