Smurf Attack - ICMP DoS Attack

Smurf Attack exploit the use of ICMP directed broadcast packets. In this attack, the perpetrator sends an IP ping (or

Smurf Attack – ICMP DoS Attack

Introduction

Smurf Attack exploit the use of ICMP directed broadcast packets. In this attack, the perpetrator sends an IP ping (or "echo my message back to me") request to a broadcast address within the receiving site. The ping packet is broadcast to all hosts within the receiving site's local network. The packet contains a "spoofed" source address, which is the intended address of the recipient of this DoS attack. Each host that receives the ping will reply to the spoofed source address. The result will be lots of ping replies flooding back to the innocent, spoofed host. If the flood is great enough, the spoofed host will no longer be able to receive or distinguish real traffic.

Smurf attacks can be overwhelming, both to the victim network and to the network(s) used to magnify the attack. An Internet Control Message Protocol (ICMP) Smurf attack is a brute-force attack on the direct broadcast feature that is built in to the IP protocol. The players in this type of denial of service attack include the following:

  • The hacker
  • Compromised Host
  • The victim

From Wikipedia, the free encyclopedia

The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.[1]

In the late 1990s, many IP networks would participate in Smurf attacks (that is, they would respond to pings to broadcast addresses). Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain vulnerable to Smurf attacks.[2]

The fix is two-fold:

  1. Configure individual hosts and routers not to respond to ping requests or broadcasts.
  2. Configure routers not to forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default, but in that year, the standard was changed to require the default to be not to forward.[3]

Another proposed solution, to fix this as well as other problems, is network ingress filtering which rejects the attacking packets on the basis of the forged source address.[4]

An example of configuring a router not to forward packets to broadcast addresses, for a Cisco router, is:

Router(config-if)# no ip directed-broadcast

(This example does not prevent a network from becoming the target of Smurf attack; it merely prevents the network from "attacking" other networks, or better said, taking part in a Smurf attack.)

A Smurf amplifier is a computer network that lends itself to being used in a Smurf attack. Smurf amplifiers act to amplify (worsen the severity of) a Smurf attack because they are configured in such a way that they generate a large number of ICMP replies to a spoofed source IP address (the victim of the attack).

 Objective / Setup

In this design – Smurf Attack will be mitigated by using two methods:

1) Using ACL
2) Using ACL and CAR

Where / why this setup can be implemented?

Typically, mitigation against DoS attacks, like – Smurf Attacks should be done on Perimeter / Edge routers

Diagram


Buy now

PDF Price: £1.95
Instant Digital Delivery

Buy now

Smurf Attack - ICMP DoS Attack

Smurf Attack exploit the use of ICMP directed broadcast packets. In this attack, the perpetrator sends an IP ping (or

For information please email us at customersupport@v500.com

How to order PDF's

Ordering at v500 is easy. Just add your selected PDF books to our shopping cart and after your payment we will send you a unique download link to a ZIP package prepared expecially for you. Our system delivers your PDF book and config files instantly. All you need to do is check your email for a download link.