What Is A Smurf Attack?

by on 06/09/11 at 4:41 am

As you’re probably already aware, machines on the Internet use a system of unique addresses for communicating and identifying each other online. These are called IP addresses. (Computers 101)

When you want to send a message to a single machine, you can do so by addressing a packet to that individual IP address.  If you wanted to communicate with multiple hosts, you’d normally have to write many packets, each individually addressed.

But there is also a method that can be used to transmit a message to every machine on a network by sending out just one packet. In order to do this, you need to know the broadcast address of the network.

Calculating this address involves a bit of complicated math, so I’ll cover that in another article. But in the meantime, there is a handy calculator that will help you figure out your network’s broadcast address.

For this example, let’s assume that you’re on a network whose broadcast address is:

169.253.255.255

A single message sent to this address could potentially trigger a response from over 65,000 computers.

In a SMURF attack, a packet is artificially generated using a spoofed IP address. The spoofed address should be the address of the system you intend to target. When your machine sends this spoofed packet to the broadcast address, all of the computers on the network will respond to the victim computers.

If the packets are large, and if a large number of these packets are sent out in rapid succession in a crowded network, the victim machine could quickly become overloaded and unavailable.

However, there are a number of steps you can take to prevent this type of attack. Amongst the simplest would be to – if possible – ensure that routers are configured not to forward direct broadcasts. If this isn’t possible, you should at least set a limit on the rate of such broadcasts.

For those interested in learning more about Smurf Attacks, PowerTech has an interesting site with an online registry that tests networks for Smurf attack vulnerability, and list the results online.

Related posts:

  1. How Does A SYN Flood Attack Work?
  2. How Connection-Killing Attacks or FIN Attacks Work
  3. Most Common Types Of TCP Attacks
  4. How DDoS Attacks Get Around IP Address Filters
  5. How Do Ping Of Death and IP Fragment Attacks Work?

Leave a Reply