2.2.3 SMURF Attack

The Smurf attack works by sending a large number of spoofed ICMP ping packets to addresses which will rebroadcast them to all members of the target network. These packets multiply and demand an ICMP echo reply. Potentially, hundreds of hosts now contend for network bandwidth to broadcast these replies. The target, which had its address used as the spoof address, is also bombarded with hundreds of replies to a ping it never sent. This can seriously degrade the network as the extra packets are processed.

Fortunately, Smurf attacks can be diminished by turning off the directed broadcast capability of the routers in the network. This will prevent the network from being used as a force multiplier or bounce site.