Misplaced Pages

Smurf attack: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editNext edit →Content deleted Content addedVisualWikitext
Revision as of 19:59, 13 April 2004 editNiteowlneils (talk | contribs)25,409 editsm avoid redir← Previous edit Revision as of 21:25, 29 June 2004 edit undo198.81.129.193 (talk)No edit summaryNext edit →
Line 1: Line 1:
The '''smurf attack''', named after its exploit program, is a ] attack which uses ] broadcast ] messages to flood a target system. The '''turd attack''', named after its exploit program, is a ] attack which uses ] broadcast ] messages to flood a target system.


In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic at ] broadcast addresses, all of it having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic at ] broadcast addresses, all of it having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet.

Revision as of 21:25, 29 June 2004

The turd attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system.

In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet.

Several years ago, most IP networks could be thus used in smurf attacks -- in the lingo, they were "smurfable". Today, thanks largely to the ease with which a network can be made immune to this abuse, very few networks remain smurfable.

To secure a network with a Cisco router from being used in a smurf attack, the router command no ip directed-broadcast will suffice.

External link