Smurf attack

December 2016

The smurf technique

The so-called "smurf" technique is based on the use of broadcast servers to paralyze a network. A broadcast server is a server capable of duplicating a message and sending it to all machines present on the same network.

The scenario of such an attack is as follows:

  • the attacking machine sends a ping request (ping is a tool that exploits the ICMP protocol, making it possible to test connections on a network by sending a packet and waiting for the response) to one or more broadcast servers while falsifying the source IP address (the address the server is supposed to respond to in theory) and providing the IP address of a target machine.
  • the broadcast server passes on the request to the entire network;
  • all of the network's machines send a response to the broadcast server,
  • the broadcast server redirects the responses to the target machine.

As such, when the attacking machine sends a request to several broadcast servers located on different networks, all of the responses from computers on the various networks will be routed to the target machine.

Denial-of-service by SMURF

In this way the bulk of the attacker's work involves finding a list of broadcast servers and falsifying the response address in order to direct them to the target machine.


Related :


Ataque Smurf
Ataque Smurf
Attaque par réflexion (Smurf)
Attaque par réflexion (Smurf)
Smurf attack
Smurf attack
Ataque por reflexão (Smurf)
Ataque por reflexão (Smurf)
This document entitled « Smurf attack » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.