Re: Smurf

To: debian-firewall@lists.debian.org
Subject: Re: Smurf
From: Attila SZALAY <sasa@debian.org>
Date: Fri, 19 Apr 2002 09:03:15 +0200
Message-id: <[🔎] 20020419070315.GA425@balabit.hu>
In-reply-to: <[🔎] 20020419010544.11832349.waldeg@t-online.de>
References: <[🔎] 20020418193427.925A2679C3@sheflug.shef-lug.net> <[🔎] 20020419010544.11832349.waldeg@t-online.de>

Hi All!

On 2002 Apr 19, Waldemar Gorus wrote:
> 
> could someone please wrote about the smurf attack?

Smurf attack is a DDoS (Distributed Denial of Service) attack.

It's use, that some OS reply to ping sended to broadcast address.

The attacker send _one_ ICMP ping to the accelerator network broadcast
adress, and set source address to the attacked machine adress.
If the accelerator network has enough computer answering the fake ping,
it's flooding the attacked machine network.

If you at the attacked end of the network, cannot do anithing, becouse
ping replys hitting you, anithing you do.

But the real solution is, if the accelerator networks disappear.
For this, you must drop pings (or anything, becouse there are no fonction
use this) going to broadcast address. (Especially incoming packet to your
own network broadcast adress).

-- 
Szalay Attila                         BalaBit IT Biztonságtechnikai Kft.
tel/fax:(36-1)-217-14-98              1092 Bp. Köztelek u. 4/b
mobil:(36-20)-950-30-55               http://www.balabit.hu

ps.: I hope you understand this, becouse my english is horrible. :)

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Smurf
  - From: Nathan E Norman <nnorman@micromuse.com>

References:
- Smurf
  - From: Richard Ibbotson <richard@sheflug.co.uk>
- Re: Smurf
  - From: WaldeG@t-online.de (Waldemar Gorus)

Prev by Date: Re: Smurf
Next by Date: Re: Masquerading does not hide internal IP addresses
Previous by thread: Re: Smurf
Next by thread: Re: Smurf
Index(es):
- Date
- Thread