Smurf attacks are a type of denial of service attack, in which the Internet Control Message Protocol (ICMP) and broadcasts are being exploited. Normal ICMP requests (commonly referred to as pings) are used to verify network connectivity. But since they require a response from the target machine, they can maliciously be used to consume network resources if many are sent at once.
Broadcasts come into the equation, however, since they give capability to send requests to every computer on a network. Obviously if a broadcast were to be sent multiple times, the traffic would slow down the network. Imagine 100 computers sending back an ICMP request at the same time- network performance would take a huge dip.
It should be noted that smurf attacks work via an attacker spoofing the IP address of the broadcast. The IP address is actually the IP address of the victim the attacker chooses. When every computer on the network responds to the ICMP request, all of these requests go to the computer the attacker borrowed the IP address from. In this instance, the network only acts as an amplifier to the attack, not necessarily the victim.
No comments:
Post a Comment