Can smurf attacks cause more than just a denial of service?

Expert response from: Mike Chapple, featured expert

QUESTION POSED ON: 01 April 2007
Can Smurf attacks do anything besides slow your network down?

Smurf attacks were one of the first network-based denial-of-service attacks to widely affect systems attached to the Internet. The Computer Emergency Response Team (CERT) first issued an advisory on smurf attacks in January 1998.

A smurf attack floods a network with unwanted traffic, and attackers pull this off by taking advantage of a design flaw in the Internet Control Message Protocol (ICMP) echo request/reply protocol, also called a "ping."

A ping allows remote systems to quickly determine whether another system is live on the network. If system X wants to "ping" system Y, it sends an ICMP echo request packet with a source address of X and a destination address of Y. When Y receives the echo request, it reads the source address (in this case, X) and sends an ICMP echo reply message back to the originating host.

In a smurf attack, a malicious system creates a fake ICMP echo request packet, using the victim system's IP address as the source address. Instead of sending this packet to a single system, the attacker sends it to a broadcast address, causing hundreds or thousands of systems to receive the request. Those systems all read the source address of the echo request and send back an echo reply to the victim system. These replies quickly add up and, when repeated, can overwhelm the victim system, causing a denial of service.

Now, 10 years after that first advisory, the smurf attack is generally regarded as a resolved threat, for two reasons. First, modern operating systems simply won't respond to an ICMP echo request that has a broadcast source address. Second, it's fairly simple to block inbound broadcast traffic at the router or firewall layer. For example, on Cisco routers, the command:

no ip directed-broadcast

will stop the use of the router if a smurf attack is detected.

So, the short answer to your question is no. Smurf attacks are strictly denial-of-service attacks and do not jeopardize the confidentiality or integrity of your data.
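A defender-side illustration of the traffic pattern described above, added here and not part of the original answer: it parses IPv4/ICMP packets from a capture and reports echo requests addressed to a local broadcast address, plus any host receiving echo replies from several systems it never pinged. The function names, the `min_responders` threshold and the sample addresses are assumptions made for this example.

```python
import ipaddress
import struct
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8

def sample_packet(src, dst, icmp_type):
    """Constructed test data: 20-byte IPv4 header plus 8-byte ICMP echo header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

def parse(packet):
    """Return (src, dst, icmp_type), or None if this is not IPv4 carrying ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length; IP options shift the ICMP offset
    if ihl < 20 or len(packet) <= ihl:
        return None
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]), packet[ihl])

def smurf_indicators(packets, local_nets, min_responders=3):
    """Return (broadcast echo requests, {victim: count of unsolicited repliers})."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    requested = set()              # (requester, target) pairs seen as echo requests
    repliers = defaultdict(set)    # reply destination -> hosts it never pinged
    triggers = []
    for parsed in filter(None, map(parse, packets)):
        src, dst, icmp_type = parsed
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
            if dst in broadcasts:  # echo request sent to a broadcast address
                triggers.append((str(src), str(dst)))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            repliers[dst].add(src)
    victims = {str(v): len(s) for v, s in repliers.items() if len(s) >= min_responders}
    return triggers, victims

def sample_capture():
    """Constructed capture on documentation addresses (RFC 5737)."""
    victim, net = "198.51.100.7", "192.0.2."
    pkts = [sample_packet(net + "10", net + "20", ECHO_REQUEST),   # ordinary ping
            sample_packet(net + "20", net + "10", ECHO_REPLY),
            sample_packet(victim, net + "255", ECHO_REQUEST)]      # forged source
    pkts += [sample_packet(net + h, victim, ECHO_REPLY) for h in ("10", "11", "12")]
    return pkts

if __name__ == "__main__":
    print(smurf_indicators(sample_capture(), ["192.0.2.0/24"]))
```

The ordinary ping in the sample is matched to its reply and ignored; only the broadcast request and the three unmatched replies are reported.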

More information:

  • Hackers use DNS amplification attacks to flood packets and generate bogus traffic. Security expert Ed Skoudis reviews the threat.
  • Should service providers be doing more to prevent DDoS attacks?

