Smurf Amplification Attack
Smurfing refers to a particular type of Denial of Service attack aimed at flooding your Internet connection.
It can be a difficult attack to defend against because it is not easy to trace the attack to the
attacker. Here is how smurfing works.
The attack makes use of the ICMP protocol, a service intended for checking the speed and availability
of network connections. Using the ping command, you can send a network packet from
your computer to another computer on the Internet. The remote computer will recognize the
packet as an ICMP request and echo a reply packet to your computer. Your computer can then
print a message revealing that the remote system is up and telling you how long it took to reply
to the ping.
A smurfing attack uses a malformed ICMP request to bury your computer in network traffic. The
attacker does this by bouncing a ping request off an unwitting third party in such a way that the
reply is duplicated dozens or even hundreds of times. An organization with a fast Internet connection
and a large number of computers is used as the relay. The destination address of the ping is
set to an entire subnet instead of a single host. The return address is forged to be your machine's
address instead of the actual sender.
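
As an added example (not from the book), the Python code below shows how each end could recognize this pattern in packet records: the relay network flags pings addressed to a subnet's network or broadcast address, and the targeted machine counts echo replies it never asked for, grouped by source subnet. The record format, addresses, function names and threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, not real traffic: (source, destination, ICMP type).
# 203.0.113.10 is "your" machine; 192.0.2.0/24 plays the unwitting relay network.
ME = "203.0.113.10"
SAMPLE = [(ME, "198.51.100.7", "echo-request"),
          ("198.51.100.7", ME, "echo-reply")]          # a normal ping and its reply
SAMPLE += [(f"192.0.2.{i}", ME, "echo-reply") for i in range(1, 41)]  # flood

def is_broadcast_ping(dst, local_nets):
    """Relay side: is dst the network or broadcast address of a local subnet?"""
    addr = ipaddress.ip_address(dst)
    for net in local_nets:
        n = ipaddress.ip_network(net)
        if addr in (n.network_address, n.broadcast_address):
            return True
    return False

def unsolicited_reply_sources(packets, my_addr, prefix=24):
    """Target side: count hosts per source subnet that sent echo replies
    to my_addr although my_addr never pinged them."""
    pinged = {dst for src, dst, kind in packets
              if src == my_addr and kind == "echo-request"}
    by_net = defaultdict(set)
    for src, dst, kind in packets:
        if dst == my_addr and kind == "echo-reply" and src not in pinged:
            net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
            by_net[str(net)].add(src)
    return {net: len(hosts) for net, hosts in by_net.items()}

def smurf_suspects(packets, my_addr, threshold=10):
    """Subnets where at least `threshold` hosts replied without being asked."""
    counts = unsolicited_reply_sources(packets, my_addr)
    return [net for net, hosts in counts.items() if hosts >= threshold]

if __name__ == "__main__":
    print(is_broadcast_ping("192.0.2.255", ["192.0.2.0/24"]))
    print(smurf_suspects(SAMPLE, ME))
```

The subnet named by `smurf_suspects` is the relay, not the attacker, which is why the forged return address makes the attack hard to trace.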