Home > Ask the Security Experts > Network Security Questions & Answers > Can smurf attacks cause more than just a denial of service?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Can smurf attacks cause more than just a denial of service?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 01 April 2007
Can Smurf attacks do anything besides slow your network down?


BROWSE BY TAG
Network Security,   Denial of Service (DoS) Attack Prevention,   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Hacker Tools and Techniques: Underground Sites and Hacking Groups,   Information Security Threats,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security
Should enterprises be running multiple firewalls?
What are best practices for fiber optic cable security?
What is the difference between a VPN and remote control?
What are the disadvantages of proxy-based firewalls?
What are the best practices for IPS implementation?
How to prevent DDoS attacks on websites
How to configure firewall ports for webmail system implementation
Can S/MIME, XML and IPsec operate in one protocol layer?
How should service providers address VoIP security issues and threats?
How to set up a corporate cell phone management strategy

Denial of Service (DoS) Attack Prevention
Latest DDoS attacks extremely unsophisticated, experts say
DDoS attacks hit U.S., South Korean government websites
How to prevent DDoS attacks on websites
How to prevent network denial-of-service attacks
What are 'phlashing' attacks?
Could someone place a rootkit on an internal network through a router?
Black Hat 2007: Estonian attacks were a cyber riot, not warfare
Experts doubt Russian government launched DDoS attacks
Can service providers prevent DDoS attacks?
Metasploit Framework 3.0 released
Denial of Service (DoS) Attack Prevention Research

Hacker Tools and Techniques: Underground Sites and Hacking Groups
Juniper pulls ATM hacking presentation from Black Hat
Botnet platform helps cybercriminals bid for zombie PCs
Man pleads guilty in online banking hacking scam
ATM malware lets attackers take over machines
The failing war against cybercriminals
Hacker attack techniques and tactics: Understanding hacking strategies
The Pipe Dream of No More Free Bugs
Government needs a plan to limit Web usage during a security crisis
Mobile phones win during Pwn2Own contest
Black Hat DC 2009: Joanna Rutkowska on Intel TXT flaws

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Electrohippies Collective  (SearchSecurity.com)
packet monkey  (SearchSecurity.com)
pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Smurf attacks were one of the first network-based denial-of-service attacks to widely affect systems attached to the Internet. The Computer Emergency Response Team (CERT) first issued an advisory on smurf attacks in January 1998.

A smurf attack floods a network with unwanted traffic, and attackers pull this off by taking advantage of a design flaw in the Internet Control Message Protocol (ICMP) echo request/reply protocol, also called a "ping."

A ping allows remote systems to quickly determine whether another system is live on the network. If system X wants to "ping" system Y, it sends an ICMP echo request packet with a source address of X and a destination address of Y. When Y receives the echo request, it reads the source address (in this case, X) and sends an ICMP echo reply message back to the originating host. These replies quickly add up and, when repeated, can overwhelm the victim system, causing a denial of service.

In a smurf attack, a malicious system creates a fake ICMP echo request packet, using the victim system's IP address as the source address. Instead of sending this packet to a single system, the attacker sends it to a broadcast address, causing hundreds or thousands of systems to receive the request. Those systems all read the source address of the echo request and send back an echo reply to the victim system.

Now, 10 years after that first advisory, the smurf attack is generally regarded as a resolved threat, for two reasons. First, modern operating systems simply won't respond to an ICMP echo request that has a broadcast source address. Second, it's fairly simple to block inbound broadcast traffic at the router or firewall layer. For example, on Cisco routers, the command:

no ip directed-broadcast

will stop the use of the router if a smurf attack is detected.

So, the short answer to your question is no. Smurf attacks are strictly denial-of-service attacks and do not jeopardize the confidentiality or integrity of your data.

More information:

  • Hackers use DNS amplification attacks to flood packets and generate bogus traffic. Security expert Ed Skoudis reviews the threat.
  • Should service providers be doing more to prevent DDoS attacks?




    • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts