A Smurf attack is a way of generating significant computer network traffic on a victim network to create a denial of service. This can cause traffic on a user’s Internet Protocol (IP) address to become the target of an attack and potentially disable the use of the network.
It floods a system via spoofed broadcast ping messages to determine if they are operational and the attacker uses a program called “Smurf ” to cause the attacked part of a network to become inoperable.
An operational node returns an echo message in response to a ping message. The exploit of Smurfing takes advantage of certain known characteristics of the IP and the Internet Control Message Protocol (ICMP). The ICMP is used by network nodes and their administrators to exchange information about the state of the network.
- The Smurf program builds a network packet that appears to originate from another address (this is known as spoofing an IP address) which contains an ICMP ping message addressed to all IP addresses in a given network.
- The echo responses to the ping message are sent back to the “victim” address.
- Enough pings and resultant echoes can flood the network making it unusable for real traffic.
Tips on how to defeat Smurfing
- Configure individual hosts and routers not to respond to ping requests or broadcasts.
- Configure routers not to forward packets directed to broadcast addresses.
- Use network ingress filtering, a technique that ensures incoming packets belong to the network they claim and rejects forged source addresses.
