The smurf technique
The so-called "smurf" technique is based on the use of broadcast servers to paralyze a network. A broadcast server is a server capable of duplicating a message and sending it to all machines present on the same network.
The scenario of such an attack is as follows:
- the attacking machine sends a ping request (ping is a tool that exploits the ICMP protocol, making it possible to test connections on a network by sending a packet and waiting for the response) to one or more broadcast servers while falsifying the source IP address (the address the server is supposed to respond to in theory) and providing the IP address of a target machine.
- the broadcast server passes on the request to the entire network;
- all of the network's machines send a response to the broadcast server,
- the broadcast server redirects the responses to the target machine.
As such, when the attacking machine sends a request to several broadcast servers located on different networks, all of the responses from computers on the various networks will be routed to the target machine.
In this way the bulk of the attacker's work involves finding a list of broadcast servers and falsifying the response address in order to direct them to the target machine.
Attaque par réflexion (Smurf)
Ataque por reflexão (Smurf)
Latest update on October 16, 2008 at 09:43 AM by Jeff.