The Smurf Attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a system via spoofed broadcast ICMP requests.
This attack relies on a perpetrator sending a large number of ICMP requests to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP request and reply to it, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet. According to CERT-CC, the name Smurf comes from the name of one of the exploit programs used to execute the attack.
In the late 1990s, many IP networks would participate in Smurf attacks (that is, they would respond to ICMP requests to broadcast addresses). Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain vulnerable to Smurf attacks.
The fix is two-fold:
- Configure individual hosts and routers not to respond to ICMP requests or broadcasts.
- Configure routers not to forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default; in that year, the standard was changed so that the default is not to forward them.
Another proposed solution is network ingress filtering, which rejects the attacking packets on the basis of the forged source address.
An example of configuring a router not to forward packets to broadcast addresses, for a Cisco router, is:
Router(config-if)# no ip directed-broadcast
(This example does not prevent a network from becoming the target of a Smurf attack; it merely prevents the network from "attacking" other networks, or, better said, from taking part in a Smurf attack.)
A Smurf amplifier is a computer network that lends itself to being used in a Smurf attack. Smurf amplifiers act to worsen the severity of a Smurf attack because they are configured in such a way that they generate a large number of ICMP replies to the victim at the spoofed source IP address.