A Smurf-attack is a type of DDoS attack that exploits the ICMP protocol to direct a stream of packets at the victim. At the start of the attack, large packets are created using a method called "spoofing". The intended result is to slow down the target system to such an extent that it becomes inoperable and vulnerable. The Smurf-attack got its name from the tool of the same name, widely used back in the 1990s. Even a small ICMP packet generated by the tool created big problems for the victim, hence the name Smurf.
The principle of operation
The Smurf-attack is launched from the attacker's computer. It is aimed at a router that interacts with a large number of devices. The hacker sends large ICMP requests to the router, as a result of which the connected devices respond to the ping.
Any device connected to this router that can respond to ping will not be able to recognize fake IP addresses. As a result, the original request is amplified and the victim's server will be disabled.
The main types of Smurf-attacks
- Standard Attack:
A standard smurf-attack occurs when the victim's network is at the center of a stream of ICMP request packets. The packets contain the source address, which is set to the broadcast network address of the intended target. If the attack is successful, every device connected to the target network can then reply to the ICMP request with an echo request, which can produce tons of traffic and probably a system crash.
- Advanced Attack:
This type starts with the echo request’s source being built to respond to a third-party victim. After that, the third-party victim will receive an echo request that comes from the target subnet.
Methods of protection
Smurf-attacks are still a threat. Advances in DDoS protection enable network perimeter devices to intercept incoming requests and separate dangerous traffic from legitimate traffic. Deploying embedded or scrubbing technology to stop DDoS attacks will considerably scale back the impact on your network, business, and customers.
In addition to the benefits that advanced DDoS mitigation measures bring, you can protect yourself from a smurf attack by blocking directed broadcast traffic entering the network. Ingress filtering can be used to check all incoming packets. They will be denied or allowed to enter the network based on the legitimacy of their packet header.
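The ingress check described above, sketched in Python as an added example (not code from the original article): a packet arriving from outside is dropped when its destination is a broadcast address of an internal subnet or when its source claims to be an internal address. The internal prefixes, the Header structure and the sample packets are assumptions, built from documentation address ranges.

```python
import ipaddress
from typing import NamedTuple

# Assumption: IPv4 prefixes routed behind the filtering device (documentation ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class Header(NamedTuple):
    """The header fields the filter inspects (hypothetical structure)."""
    src: str
    dst: str


def ingress_verdict(pkt, internal=INTERNAL_NETS):
    """Return (action, reason) for a packet arriving on the external interface."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if dst == LIMITED_BROADCAST:
        return ("DROP", "limited broadcast")
    for net in internal:
        # /31 and /32 prefixes have no broadcast address; skip that test for them.
        if net.prefixlen < 31 and dst == net.broadcast_address:
            return ("DROP", "directed broadcast")
    for net in internal:
        # Traffic from outside cannot legitimately carry an inside source address.
        if src in net:
            return ("DROP", "spoofed internal source")
    return ("ALLOW", "header passes ingress checks")


# Constructed sample packets, as seen on the external interface.
SAMPLES = [
    Header("203.0.113.9", "192.0.2.127"),   # broadcast address of 192.0.2.0/25
    Header("203.0.113.9", "192.0.2.255"),   # not a broadcast address for a /25
    Header("198.51.100.20", "192.0.2.10"),  # inside source arriving from outside
    Header("203.0.113.9", "192.0.2.10"),    # ordinary inbound packet
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, "->", p.dst, ingress_verdict(p))
```

The broadcast address depends on the prefix length, which is why the filter is driven by the real internal prefixes instead of matching addresses that end in .255.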