Factbites

Topic: Smurf attack


In the News (Fri 27 Nov 09)

  
  Denial-of-service attack - Wikipedia, the free encyclopedia
A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
Specific means of attack include: a smurf attack, in which excessive ICMP requests are broadcast to an entire network; bogus HTTP requests on the World Wide Web; incorrectly formed packets; and random traffic.
In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and direct the attack, often through a botnet.
en.wikipedia.org /wiki/Ddos   (1652 words)

  
 CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks
The attack described in this advisory is different from the denial-of-service attacks described in CERT advisory CA-97.28.
In the "smurf" attack, attackers are using ICMP echo request packets directed to IP broadcast addresses from remote locations to generate denial-of-service attacks.
Attacks like the smurf attack rely on the use of forged packets, that is, packets for which the attacker deliberately falsifies the origin address.
www.cert.org /advisories/CA-1998-01.html   (2731 words)

  
 Characterizing and Tracing Packet Floods Using Cisco Routers   (Site not responding. Last check: 2007-10-09)
The most productive approach for the ultimate target of a smurf attack is to contact the reflectors, either to ask them to reconfigure their networks to shut down the attack, or to ask for their assistance in tracing the stimulus stream.
Because the damage to the ultimate target of a smurf attack is usually caused by overloading of the incoming link from the Internet, there's often no response other than to contact the reflectors; by the time the packets arrive at any machine under the target's control, most of the damage has already been done.
The fraggle attack is analogous to the smurf attack, except that UDP echo requests are used for the stimulus stream instead of ICMP echo requests.
www.windowsecurity.com /pages/article_p.asp?id=760   (3844 words)

  
 Preventing Smurf Attacks
SMURF and similar Denial-of-service (DoS) attacks can do serious damage to your network services, be it either as an individual end-user or as an entire institution in that your network or host can be inundated with unwanted and maliciously sent traffic.
A SMURF attack (named after the program used to perform the attack) is a method by which an attacker can send a moderate amount of traffic and cause a virtual explosion of traffic at the intended target.
Since SMURF attacks use forged source addresses, tracking SMURF attacks back to their source can be a challenge.
www.nordu.net /articles/smurf.html   (747 words)

  
 Tutorial - Possible DoS (fraggle) Problem
Smurf, and Smurf type attacks, begin when a hacker sends a large amount of ICMP echo (ping) traffic to a subnet broadcast address (say, for instance, xxx.xxx.xxx.255 - the 255 number marks this as a broadcast address).
Actually, there are two victims of this type of attack when it is run: the network which is exploited to generate the ICMP traffic (called the intermediary, or "helper" network) and the system indicated by the spoofed IP address.
The Fraggle DoS attack is essentially based on the same concept as the Smurf attack (namely that generating huge amounts of network traffic will disable a machine or cause it to lose connectivity to the Internet), but uses UDP instead of ICMP.
www-arc.com /sara/cve/Possible_DoS_problem.html   (917 words)

  
 [No title]
The result is a devastating attack upon the spoofed ip with, depending on the amount of broadcast addresses used, many, many computers responding to the echo request.
While this is general information on tracking spoofed packets, it must be noted that the victims of a smurf attack get packets from the listed source in the packets; i.e., they receive echo-reply packets truly from the source listed in the IP header.
This attack is also known as the "pepsi" attack (again named after the exploit program), and can cause network devices to use up a large amount of CPU time responding to these packets.
www.phreak.org /archives/exploits/denial/smurf.c   (3667 words)

  
 Cisco - Characterizing and Tracing Packet Floods Using Cisco Routers
Because the damage to the ultimate target of a smurf attack is usually caused by overloading of the incoming link from the Internet, there is often no response other than to contact the reflectors.
Smurf stimulus packets are sent to a directed broadcast address, rather than to a unicast address, whereas ordinary ping floods almost always use unicasts.
Because a process table attack requires the completion of the TCP initial handshake, it must generally be launched with the use of the IP address of a real machine to which the attacker has access (usually stolen access).
www.cisco.com /warp/public/707/22.html   (3790 words)

  
 2000103 : Smurf denial of service (Smurf_Attack)
In a Smurf denial of service attack, ICMP echo request (ping) packets addressed to an IP broadcast address cause a large number of responses.
This attack is frequently used against third parties, where an attacker forges the target's source address in a Smurf attack against a different target.
This is commonly known as the Smurf attack.
www.iss.net /security_center/reference/2000103.html   (468 words)

  
 Attacked by smurf
While a smurf attack can be used to completely disable a connection, it can also be used far more surreptitiously to just reduce bandwidth.
Smurf attacks are clever: They use whole networks of computers to direct an overwhelming amount of traffic to a victim's machine.
Launching a smurf attack requires finding a network that is attached to the Internet by a router that will forward ICMP requests.
www.networkworld.com /archive/1999b/0222gearhead.html   (682 words)

  
 SMURF/Directed Broadcast Vulnerabilities
The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts.
The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf".
From the statistics gathered on noticeable smurf attacks, we have seen a reduction in average bandwidth used on a smurf attack from 80 Mbps to 5 Mbps.
www.ln.net /assoc/policies/smurf.html   (3785 words)

  
 Cisco Router Firewall Security: DoS Protection   (Site not responding. Last check: 2007-10-09)
For a Fraggle attack, if the entries in Statement 5 are increasing, this indicates that you are the victim; a large number of matches against Statement 6 indicates that you are the reflector.
It is important to point out that in a Smurf attack, these are probably not the actual attacker devices, but Smurf reflectors (with Smurf, it is very unlikely that the attacker would use his own address as a source, unless he is a script kiddie).
In a Smurf attack, in which reflectors are used to instigate the attack against a victim, it is fairly easy to determine who the reflectors are.
www.informit.com /articles/article.asp?p=345618   (5966 words)

  
 "smurf" IP Denial-of-Service Attacks
Topic: "smurf" IP Denial-of-Service Attacks
This advisory is intended primarily for network administrators responsible for router configuration and maintenance.
These attacks have been referred to as "smurf" attacks because the name of one of the exploit programs attackers use to execute this attack is called "smurf." The CERT/CC urges you to take the steps described in Section III to reduce the potential that your site can be used as the origination site (Sec.
Description The two main components to the smurf denial-of-service attack are the use of forged ICMP echo request packets and the direction of packets to IP broadcast addresses.
www.ciac.org /ciac/bulletins/i-021a.shtml   (3147 words)

  
 Smurf Attack
The smurf attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system.
In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim.
Several years ago, most IP networks could be thus used in smurf attacks -- in the lingo, they were "smurfable".
www.security.teleactivities.net /attacks/dos/smurf_attack.html   (239 words)

  
 [No title]
Smurf attacks can be devastating, both to the victim network and to the network(s) used to amplify the attack.
A Smurf attack is not terribly sophisticated; it’s just a matter of routing and letting IP take its course.
Smurf attacks can be devastating, but proper preparation can minimize their ability to propagate and their effect on your network.
techrepublic.com.com /5102-6265-5034101.html   (1015 words)

  
 Wired News: Smurfing Cripples ISPs
The technique, known as smurfing, cannot be stopped with a software patch, and some network admins charge that the major Internet backbone providers - the only people who can halt and trace smurfs - aren't taking the problem seriously enough.
A smurf begins when a single malicious user sends a stream of Internet Control Message Protocol, or ping, packets - used to determine if a machine is alive - to a target network's central "directed broadcast" address, which is rarely used, but easily obtained.
Smurfs are the most difficult denial of service attack to trace, said Dale Drew, MCI's senior manager of security engineering.
wired-vig.wired.com /news/technology/0,1282,9506,00.html   (1548 words)

  
 SecuriTeam.com ™ - Many name servers are vulnerable to traffic amplification and NS route discovery
A few years ago, when the Smurf ICMP denial of service attack got publicly known nearly everyone was able to saturate any link by abusing other networks as a traffic amplifier.
Since then numerous amplify attacks have been discovered, such as The "MAC DoS Attack", a x37 traffic amplify attack and DNS Smurf (through query/answer ratio), the original posting of the Smurf attack is ICMP ECHO Requests to Broadcast addresses (ICMP Smurf attack).
Since the important entries such as the NS entry is in the cache of each name server after the first query, the attack is very fast pacing after the first query, since no additional packets are sent to the attacker and the attacker may spoof the UDP query packets.
www.securiteam.com /exploits/5YP0E1F0KU.html   (1275 words)

  
 What is smurf? - A Word Definition From the Webopedia Computer Dictionary   (Site not responding. Last check: 2007-10-09)
A type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests.
These are special addresses that broadcast all received messages to the hosts connected to the subnet.
Smurfing falls under the general category of Denial of Service attacks -- security attacks that don't try to steal information, but instead attempt to disable a computer or network.
www.webopedia.com /TERM/S/smurf.html   (214 words)

  
 pintday.org: Magnification Attacks: Smurf and Fraggle
The multiplication effect of these attacks make it possible for an attacker with limited bandwidth to generate a packet stream much larger than would normally have been possible.
An ICMP magnification attack (or Smurf) uses ICMP Echo (ping) packets to generate multiple ICMP Echo Replies.
If you are running these services, you may find yourself the victim of a UDP magnification attack. Though these types of attacks are generally less serious than their ICMP cousins, they can cause performance degradation and service denial.
pintday.org /whitepapers/dos-smurf.shtml   (991 words)

  
 Smurf Attack, Fraggle Attack, Spoofing, SYN Attack definition
Smurf Attack - When a perpetrator sends a large number of ICMP echo (ping) traffic at IP broadcast addresses, using a fake source address.
Fraggle Attack - When a perpetrator sends a large number of UDP echo (ping) traffic at IP broadcast addresses, all of it having a fake source address.
These attacks are targeted at specific TCP stacks that cannot handle this type of packet and overload the victim's servers.
www.unixcities.com /dos-attack/index1.html   (496 words)

  
 "Smurf" attack hits Minnesota | CNET News.com
According to Bergum and a statement released by the university, the attack was of the kind known as a "smurf denial of service" attack.
In a "smurf" attack, the attacker specifies the targeted computer as the ping packet's return address and sends out enough requests to guarantee a deluge of responses.
The attack affected MRNet because the ISP has a cooperative agreement with the university to share bandwidth provided by MCI Communications and Sprint, according to Bergum.
news.com.com /2100-1001_3-209209.html   (836 words)

  
 2000205
The attacker isn't trying to attack you, but instead is using a feature known as "spoofing" to attack some third party.
This attack was common during the Kosovo crisis.
Also used in the smurf attack, which is similar to fraggle.
www.iss.net /security_center/advice/Intrusions/2000205   (660 words)

  
 [No title]
A complete revision history is at the end of this file.
Topic: "smurf" IP Denial-of-Service Attacks
This advisory is intended primarily for network administrators responsible for router configuration and maintenance.
A detailed description of this type of filtering is available in RFC 2267, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing" by Paul Ferguson of Cisco Systems, Inc.
packetstormsecurity.nl /advisories/cert/CA-98.01.smurf   (2833 words)

  
 Symantec Security Response - Smurf DoS Attack   (Site not responding. Last check: 2007-10-09)
In the case of a Smurf DoS attack, the ping's packet return IP address is forged with the IP of the targeted machine.
This is called a Smurf attack because the DoS tool used to perform the attack is called Smurf.
One way to reduce risk of this attack is to disable IP-directed broadcast, which is often not used or needed.
securityresponse.symantec.com /avcenter/venc/data/smurf.dos.attack.html   (195 words)

  
 stolen from http
This is valuable for filtering out attacks, but is also useful for characterizing unknown attacks, and for tracing "spoofed" packet streams back to their real sources.
It is also possible for the traffic returned from the target host to cause trouble on routers; because this return traffic goes to the randomized source addresses of the original packets, it lacks the locality properties of "real" IP traffic, and may overflow route caches.
For more general information about smurf attacks in general, and for information about protecting non-Cisco equipment, see the Denial of Service Attacks Information page
www.nthelp.com /tracking_with_cisco.htm   (3731 words)

  
 [No title]   (Site not responding. Last check: 2007-10-09)
The most common attacks that are launched by the Trinity are SYN attacks and the UDP flooding.
Because of the avalanche effect of the DDOS attacks for this option to be effective it must be deployed as depth into the network as possible (closer to the source of the attack packets).
The attack was on the DNS that the Microsoft was using.
www.eecis.udel.edu /~sridhara/research/papers/DRReport.doc   (5040 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.