Denial of Service Attacks (6)

• Smurf Attack

  • summer 1997 (smurf tool)- http://www.rootshell.com
  • smurf sends many spoofed ICMP echo request (ping) to a broadcast address on a victim’s network
  • the victim’s (spoofed) machine gets too many responses from every host on the network, consuming all available bandwidth
  • attack based on spoofing source IP address
  • papasmurf - an improved, optimized version of smurf; UDP based;

• Defense

  • filter out ICMP messages on a router; this can harm your ability to monitor the network
  • router configuration option : “no IP directed-broadcast” (cisco)

Previous slide

Next slide

Back to first slide

View graphic version