Thursday, May 24, 2007

Smurf Attack

A smurf attack is a Denial of Service (DoS) attack that uses spoofed broadcast ping messages to flood the target system with ping replies. The attack takes its name from its exploit program.

In this attack, an attacker sends out a large number of ICMP Echo Request packets to IP broadcast addresses, with every request carrying a spoofed source address: that of the intended victim. Once the routing device receives this type of request, it will broadcast it to all hosts on its network. When the hosts reply, their responses go to the spoofed address and overwhelm the target's network with so much traffic that it is effectively shut out from the rest of the world.

Using a Cisco router, one can issue the command:

no ip directed-broadcast

to secure their network from this type of attack.

Note that this does not prevent a network from becoming the target of a smurf attack; it just prevents the network from taking part in an attack against other networks.
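One way to check that the command above is actually in effect on every interface is to audit a saved running-config. The script below is an added example, not part of the original post: the sample configuration is constructed, and the function names and the `default_enabled` parameter are assumptions of this sketch. The parameter exists because IOS releases from 12.0 onward disable directed broadcasts by default, so an interface with no explicit statement is only exposed on older software.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
!
"""

def audit_directed_broadcast(config, default_enabled=False):
    """Map each interface name to True if it forwards directed broadcasts.

    default_enabled (assumption, set by the caller) is the platform default
    that applies when an interface has no explicit statement.
    """
    results = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            results[current] = default_enabled
        elif not raw.startswith(" "):
            current = None  # "!" or a new top-level section ends the block
        elif current is not None:
            line = raw.strip()
            if line == "no ip directed-broadcast":
                results[current] = False
            elif re.match(r"ip directed-broadcast(\s|$)", line):
                # Also matches the form restricted by an access list.
                results[current] = True
    return results

def exposed_interfaces(config, default_enabled=False):
    """Interfaces that could relay a spoofed broadcast ping, sorted by name."""
    status = audit_directed_broadcast(config, default_enabled)
    return sorted(name for name, enabled in status.items() if enabled)

if __name__ == "__main__":
    for name in exposed_interfaces(SAMPLE_CONFIG):
        print(f"{name}: add 'no ip directed-broadcast'")
```

Run it with `default_enabled=True` when auditing devices whose software still forwards directed broadcasts unless told otherwise; in that mode the silent `Serial0/0` interface is reported as well.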
