Re: Smurf
Hi All!
On 2002 Apr 19, Waldemar Gorus wrote:
>
> could someone please wrote about the smurf attack?
Smurf attack is a DDoS (Distributed Denial of Service) attack.
It's use, that some OS reply to ping sended to broadcast address.
The attacker send _one_ ICMP ping to the accelerator network broadcast
adress, and set source address to the attacked machine adress.
If the accelerator network has enough computer answering the fake ping,
it's flooding the attacked machine network.
If you at the attacked end of the network, cannot do anithing, becouse
ping replys hitting you, anithing you do.
But the real solution is, if the accelerator networks disappear.
For this, you must drop pings (or anything, becouse there are no fonction
use this) going to broadcast address. (Especially incoming packet to your
own network broadcast adress).
--
Szalay Attila BalaBit IT Biztonságtechnikai Kft.
tel/fax:(36-1)-217-14-98 1092 Bp. Köztelek u. 4/b
mobil:(36-20)-950-30-55 http://www.balabit.hu
ps.: I hope you understand this, becouse my english is horrible. :)
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- Follow-Ups:
- Re: Smurf
- From: Nathan E Norman <nnorman@micromuse.com>
- References:
- Smurf
- From: Richard Ibbotson <richard@sheflug.co.uk>
- Re: Smurf
- From: WaldeG@t-online.de (Waldemar Gorus)