Smurf attack

Smurf attack

The Smurf attack is a way of generating a lot of computer network traffic to a victim host. That is, it is a type of denial-of-service attack. Specifically, it floods a target system via spoofed broadcast ping messages.

In such an attack, a perpetrator sends a large amount of ICMP echo requests (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.cite web | url = http://www.cert.org/advisories/CA-1998-01.html | title = CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks]

In the late 1990s, many IP networks would participate in Smurf attacks (that is, they would respond to pings to broadcast addresses). Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain vulnerable to Smurf attacks. [For example, [http://web.archive.org/web/*/http%3A//www.netscan.org/ netscan.org (Web Archive)] showed 122,945 broken networks as of Jan 25, 1999, but only 2,417 as of Jan 06, 2005.]

The fix is twofold:
*Configure individual hosts and routers not to respond to ping requests to broadcast addresses, and
*Configure routers not to forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default, but in that year, the standard was changed to require the default to be not to forward. [D. Senie, "Changing the Default for Directed Broadcasts in Routers", RFC 2644, BCP 34]

Another proposed solution, to fix this as well as other problems, is network ingress filtering which rejects the attacking packets on the basis of the forged source address. [P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", RFC 2827, BCP 38]

An example of configuring a router not to forward packets to broadcast addresses, for a Cisco router, is: no ip directed-broadcast(Please note that this example does not prevent a network from becoming the target of Smurf attack; it merely prevents the network from "attacking" other networks, or better said, taking part in a Smurf attack.)

A Smurf amplifier is a computer network that lends itself to being used in a Smurf attack. Smurf amplifiers act to amplify (worsen the severity of) a Smurf attack because they are configured in such a way that they generate a large number of ICMP replies to a spoofed source IP address (the victim of the attack).

References

See also

* Denial-of-service attack
* IP address spoofing
* Internet Control Message Protocol

External links

* [http://learn-networking.com/network-security/securing-cisco-routers-with-no-ip-directed-broadcast Securing Cisco Routers with IP Directed-Broadcast]
* [http://www.phreak.org/archives/exploits/denial/smurf.c The source code for the original "smurf.c" exploit]
* [http://www.powertech.no/smurf/ Smurf Amplifier Registry]
* [http://www.google.com/Top/Computers/Internet/Abuse/Denial_of_Service/ Google Directory: Denial of Service]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Smurf (disambiguation) — Smurf can refer to: *The Smurfs, fictional tiny blue humanoids created by Belgian cartoonist Peyo in 1957 *Smurf attack, a type of denial of service (DoS) attack on computer networks *Smurfing (crime), a term related to money laundering *Smurfing …   Wikipedia

  • Denial-of-service attack — DoS redirects here. For other uses, see DOS (disambiguation). DDoS Stacheldraht Attack diagram. A denial of service attack (DoS attack) or distributed denial of service attack (DDoS attack) is an attempt to make a computer resource unavailable to …   Wikipedia

  • Fraggle attack — In computer security a fraggle attack is a type of denial of service attack where an attacker sends a large amount of UDP echo traffic to IP broadcast addresses, all of it having a fake source address. This is a simple rewrite of the smurf attack …   Wikipedia

  • Papa Smurf — is a male fictional character from the Smurfs. He is the third oldest of the Smurfs (after Grandpa and Nanny), and their leader. He is 542 years old [cite news |first=Eric P. |last=Nash |title= Charles Dupuis, 84, Publisher Who Introduced the… …   Wikipedia

  • Denial of Service Attack — Als Denial of Service (DoS, zu Deutsch etwa: Dienstverweigerung) bezeichnet man einen Angriff auf einen Host (Server) oder sonstigen Rechner in einem Datennetz mit dem Ziel, einen oder mehrere seiner Dienste arbeitsunfähig zu machen. In der Regel …   Deutsch Wikipedia

  • Broadcast radiation — is the accumulation of broadcast and multicast traffic on a computer network. Extreme amounts of broadcast traffic constitute a broadcast storm. A broadcast storm can consume sufficient network resources so as to render the network unable to… …   Wikipedia

  • Attaque par déni de service — Une attaque par déni de service (denial of service attack, d où l abréviation DoS) est une attaque ayant pour but de rendre indisponible un service, d empêcher les utilisateurs légitimes d un service de l utiliser. Il peut s agir de :… …   Wikipédia en Français

  • Les Schtroumpfs — « Schtroumpf » redirige ici. Pour les autres significations, voir Schtroumpf (homonymie). Les Schtroumpfs Série …   Wikipédia en Français

  • Smurfing — is a term that that originated with vernacular used by the fictional characters known as The Smurfs . While speaking, Smurfs tend to replace a verb with some form of the word smurf (example: I feel like smurfing some bread, instead of, I feel… …   Wikipedia

  • Internet Relay Chat flood — Flooding or scrolling on an IRC network is a method of disconnecting users from an IRC server (a form of Denial of Service), exhausting bandwidth which causes network latency ( lag ), or just annoying users. Floods can either be done by scripts… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”