Smurf attack

January 2017

The smurf technique

The so-called "smurf" technique is based on the use of broadcast servers to paralyze a network. A broadcast server is a server capable of duplicating a message and sending it to all machines present on the same network.

The scenario of such an attack is as follows:

  • the attacking machine sends a ping request (ping is a tool that exploits the ICMP protocol, making it possible to test connections on a network by sending a packet and waiting for the response) to one or more broadcast servers while falsifying the source IP address (the address the server is supposed to respond to in theory) and providing the IP address of a target machine.
  • the broadcast server passes on the request to the entire network;
  • all of the network's machines send a response to the broadcast server,
  • the broadcast server redirects the responses to the target machine.

As such, when the attacking machine sends a request to several broadcast servers located on different networks, all of the responses from computers on the various networks will be routed to the target machine.

Denial-of-service by SMURF

In this way the bulk of the attacker's work involves finding a list of broadcast servers and falsifying the response address in order to direct them to the target machine.

Related



Ataque Smurf
Ataque Smurf
Attaque par réflexion (Smurf)
Attaque par réflexion (Smurf)
Smurf attack
Smurf attack
Ataque por reflexão (Smurf)
Ataque por reflexão (Smurf)
Latest update on October 16, 2008 at 09:43 AM by Jeff.
This document, titled "Smurf attack," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).