[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Smurf



On Fri, Apr 19, 2002 at 09:03:15AM +0200, Attila SZALAY wrote:
> Hi All!
> 
> On 2002 Apr 19, Waldemar Gorus wrote:
> > 
> > could someone please wrote about the smurf attack?
> 
> Smurf attack is a DDoS (Distributed Denial of Service) attack.
> 
> It's use, that some OS reply to ping sended to broadcast address.
> 
> The attacker send _one_ ICMP ping to the accelerator network broadcast
> adress, and set source address to the attacked machine adress.
> If the accelerator network has enough computer answering the fake ping,
> it's flooding the attacked machine network.
> 
> If you at the attacked end of the network, cannot do anithing, becouse
> ping replys hitting you, anithing you do.
> 
> But the real solution is, if the accelerator networks disappear.
> For this, you must drop pings (or anything, becouse there are no fonction
> use this) going to broadcast address. (Especially incoming packet to your
> own network broadcast adress).

Good stuff ... your english is not too bad :)

Some links:

http://www.mycert.org.my/network-abuse/dos.htm
  (the linux stuff is old, ipfwadm, but provides a starting point)

http://bugtraq.inet-one.com/dir.1997-10/msg00073.html

Note to OP:  Google is your friend.  I found these links in about ~30
seconds of searching (though I admit I'd read them before when I had
to disable directed broadcasts on Bay routers ...)

-- 
Nathan Norman - Micromuse Ltd.  mailto:nnorman@micromuse.com
Gil-galad was an Elven-king.            |  The Fellowship
Of him the harpers sadly sing:          |        of
the last whose realm was fair and free  |     the Ring
between the Mountains and the Sea.      |  J.R.R. Tolkien

Attachment: pgpIM5bZV2NsX.pgp
Description: PGP signature


Reply to: