
Name: Smurf attack.

   

Added on  2022-10-16

Name: Smurf attack
Type: Distributed Denial of Service
Date: In the 1990s
The affected organizations/computers: Businesses and ISPs
Working method and the impact:
The attack is distinctive in the way it is carried out. During the attack, host 1 sends an ICMP Echo
request to another host 2, which triggers an automatic response [1]. The time taken for the response
to arrive from the other host is used to determine the virtual distance between the two hosts. On an
IP broadcast network, every host is supposed to receive the ping request, so each recipient is
prompted to respond. This is the vulnerability that Smurf attackers take advantage of to increase
their traffic.
A Smurf attack follows these steps [2]:
1. A fake Echo request is generated by Smurf malware. Its source IP is spoofed: it is actually
   the address of the target server.
2. The request then advances to an IP broadcast network that lies between the sender and the
   receiver, where it is transmitted equally to all the hosts found within the network.
3. An ICMP response is then generated by each host and sent to the spoofed source address.
   This makes it possible for the target server to be brought down if a significant number of
   responses are forwarded.
____________________________________________________________________________
1. Wiki.cas.mcmaster.ca. (2008). Smurfing - Computing and Software Wiki. [online] Available at: http://wiki.cas.mcmaster.ca/index.php/Smurfing [Accessed 22 Sep. 2019].
2. Cert.org. (2017). 1998 CERT Advisories. [online] Available at: http://www.cert.org/historical/advisories/CA-1998-01.cfm [Accessed 22 Sep. 2019].

The critical factor that determines the extent and success of a Smurf attack is usually the number of
hosts that are available within the intermediate network [3]. The number of responses generated by
the fake Echo requests is directly proportional to the number of hosts in the network.
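The traffic pattern described above can be recognised from both vantage points. The following is an added example, not part of the original document: it flags Echo requests aimed at a subnet's broadcast address (intermediate network) and hosts receiving Echo replies from many sources they never pinged (target). The packet tuples, addresses (documentation ranges), function names and the `min_sources` threshold are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def broadcast_echo_requests(packets, net):
    """Intermediate-network side: Echo requests sent from outside the subnet
    to its broadcast address. The claimed source is the likely target."""
    net = ipaddress.ip_network(net)
    return [p for p in packets
            if p[2] == ECHO_REQUEST
            and ipaddress.ip_address(p[1]) == net.broadcast_address
            and ipaddress.ip_address(p[0]) not in net]

def unsolicited_reply_floods(packets, min_sources=10):
    """Target side: hosts receiving Echo replies from many distinct sources
    to which they never sent an Echo request."""
    asked = {(src, dst) for src, dst, t in packets if t == ECHO_REQUEST}
    responders = defaultdict(set)
    for src, dst, t in packets:
        if t == ECHO_REPLY and (dst, src) not in asked:
            responders[dst].add(src)
    return {dst: len(srcs) for dst, srcs in responders.items()
            if len(srcs) >= min_sources}

# Constructed sample traffic as (src, dst, icmp_type) tuples.
TARGET = "198.51.100.7"
INTERMEDIATE_VIEW = [
    (TARGET, "192.0.2.255", ECHO_REQUEST),        # spoofed source, broadcast dst
    ("192.0.2.10", "192.0.2.255", ECHO_REQUEST),  # broadcast ping from inside
    ("203.0.113.5", "192.0.2.20", ECHO_REQUEST),  # ordinary unicast ping
]
TARGET_VIEW = [
    (TARGET, "203.0.113.5", ECHO_REQUEST),        # ping the target really sent
    ("203.0.113.5", TARGET, ECHO_REPLY),          # and its solicited reply
] + [(f"192.0.2.{i}", TARGET, ECHO_REPLY) for i in range(1, 41)]

if __name__ == "__main__":
    print(broadcast_echo_requests(INTERMEDIATE_VIEW, "192.0.2.0/24"))
    print(unsolicited_reply_floods(TARGET_VIEW))
```

The count of distinct unsolicited responders grows with the number of hosts on the intermediate network, which is the proportionality the paragraph above describes.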
Mitigation Options
Various methods can be used to mitigate Smurf attacks. These include:
- Disabling IP-directed broadcasts on the router
- Reconfiguring the OS so that it does not give ICMP responses to requests that are IP broadcast
- Reconfiguring the perimeter firewall so that pings originating outside the network are
  disallowed
- Filtering the outbound traffic
_______________________________________________________________________________
3. Usa.kaspersky.com. (n.d.). [online] Available at: https://usa.kaspersky.com/internet-security-center/definitions/smurf-attack#.U_61zWPp-ZQ [Accessed 22 Sep. 2019].

Presentation Graphics
1. How a smurf attack takes place
