
	Home > Ask the Security Experts > Network Security Questions & Answers > Can smurf attacks cause more than just a denial of service?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Can smurf attacks cause more than just a denial of service?

EXPERT RESPONSE FROM: Mike Chapple

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 01 April 2007
Can Smurf attacks do anything besides slow your network down?

EXPERT RESPONSE
Smurf attacks were one of the first network-based denial-of-service attacks to widely affect systems attached to the Internet. The Computer Emergency Response Team (CERT) first issued an advisory on smurf attacks in January 1998.

A smurf attack floods a network with unwanted traffic, and attackers pull this off by taking advantage of a design flaw in the Internet Control Message Protocol (ICMP) echo request/reply protocol, also called a "ping."

A ping allows remote systems to quickly determine whether another system is live on the network. If system X wants to "ping" system Y, it sends an ICMP echo request packet with a source address of X and a destination address of Y. When Y receives the echo request, it reads the source address (in this case, X) and sends an ICMP echo reply message back to the originating host. These replies quickly add up and, when repeated, can overwhelm the victim system, causing a denial of service.

In a smurf attack, a malicious system creates a fake ICMP echo request packet, using the victim system's IP address as the source address. Instead of sending this packet to a single system, the attacker sends it to a broadcast address, causing hundreds or thousands of systems to receive the request. Those systems all read the source address of the echo request and send back an echo reply to the victim system.

Now, 10 years after that first advisory, the smurf attack is generally regarded as a resolved threat, for two reasons. First, modern operating systems simply won't respond to an ICMP echo request that has a broadcast source address. Second, it's fairly simple to block inbound broadcast traffic at the router or firewall layer. For example, on Cisco routers, the command:

no ip directed-broadcast

will stop the use of the router if a smurf attack is detected.

So, the short answer to your question is no. Smurf attacks are strictly denial-of-service attacks and do not jeopardize the confidentiality or integrity of your data.

More information:

Hackers use DNS amplification attacks to flood packets and generate bogus traffic. Security expert Ed Skoudis reviews the threat.

Should service providers be doing more to prevent DDoS attacks?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	What OSI Layer 4 protocol does FTP use to guarantee data delivery?
	What firewall controls should be placed on the virtual private network (VPN)?
	How to obtain a digital certificate for a server
	What kinds of security defenses can prevent the hijacking of a city's fiber network?
	What are 'phlashing' attacks?
	Do strong passwords make it safer to conduct banking on an open connection?
	What firewall features will best protect a LAN from Internet hack attacks and malware?
	How to become an information security expert
	What are the differences between intrusion detection and intrusion prevention?
	Will there be DMZ routing issues if several firewalls serve as the default gateway?

Denial of Service Prevention

What are 'phlashing' attacks?

Black Hat 2007: Estonian attacks were a cyber riot, not warfare

Experts doubt Russian government launched DDoS attacks

Can service providers prevent DDoS attacks?

Metasploit Framework 3.0 released

Go Daddy investigates source of attack

Zero-day flaw found in Windows Media Player

Research shows massive botnet growth

Flaw found in Toshiba wireless device driver

iTunes flaw could enable malicious code

Denial of Service Prevention Research

Organized Cybercrime

Cisco: Cybercriminals more savvy than ever in 2008

Cybercrime leaves cybercops in the virtual dust

Spam declines, Web-based attacks rise, says MessageLabs

Microsoft flaw reveals inefficient security model

ICANN transfers EstDomains customers to Directi

Symantec values market for stolen data at $276 million

McColo shutdown won't stop spam, malware, warn security experts

Express Scripts offers reward in hacker extortion case

Programmer charged for sniffer used in TJX breach

Anti-cybercrime legislation sent to president

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Electrohippies Collective (SearchSecurity.com)

packet monkey (SearchSecurity.com)

pulsing zombie (SearchSecurity.com)

zombie (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy