Smurf attacks are a type of denial-of-service (DoS) attack. It takes the advantage of IP packet broadcasting feature in certain networks.
Internet Protocol (IP) is the protocol used for communication in the internet. IP can assign unique IP addresses to all the computers connected to the internet. These IP addresses are then used to identify computers and to communicate with them.
Internet Control Message Protocol (ICMP) is primarily used for error message sending purposes. In error checking, an ICMP echo-request message is sent to a target computer. After it reaches the computer at the other end, it will respond back to the origin’s IP address with an ICMP echo-response. This is also called as ping, and it is generally used for connectivity testing between computers.
A smurf attack occurs when an attacker sends a large amount of IP packets with spoofed (faked) IP addresses as the origin. These packets will go in to networks where IP packet broadcast function is enabled. When those packets reach the networks, it will be distributed to all the nodes in those networks since they are set-up to broadcast those messages (packets). After the nodes receive those broadcasted messages, they will respond to them by sending ICMP echo-responses. Since attacker has spoofed the origin’s IP address, these responses will flood into the victim’s IP address. When there is a sudden load of unexpected traffic, it can cause a bottleneck and therefore restrict access to legitimate traffic. Thus, it is a type of denial-of-service attack.
To prevent an organization’s network to be used for a smurf flooding attack, Network Administrators can disable the IP packet broadcasting features of a network.
- what is smurf attack
- smurf attack
- what are smurf attacks
- smurf attack origin
- types of smurf attack
- what are smurfs
- sumrf computer attack
- can cups protocols used broadcast to flood the network
- what is smurf attack?
- what are smuff attack