Smurf attack

The smurf technique

The so-called "smurf" technique is based on the use of broadcast servers to paralyze a network. A broadcast server is a server capable of duplicating a message and sending it to all machines present on the same network.

The scenario of such an attack is as follows:

  • the attacking machine sends a ping request (ping is a tool that exploits the ICMP protocol, making it possible to test connections on a network by sending a packet and waiting for the response) to one or more broadcast servers while falsifying the source IP address (the address the server is supposed to respond to in theory) and providing the IP address of a target machine.
  • the broadcast server passes on the request to the entire network;
  • all of the network's machines send a response to the broadcast server,
  • the broadcast server redirects the responses to the target machine.

As such, when the attacking machine sends a request to several broadcast servers located on different networks, all of the responses from computers on the various networks will be routed to the target machine.

Denial-of-service by SMURF

In this way the bulk of the attacker's work involves finding a list of broadcast servers and falsifying the response address in order to direct them to the target machine.

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.


This document, titled « Smurf attack », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (