Smurfing is a DoS - Denial of Service - attack popular among skript kiddies on the Internet. It is very lightweight to produce, can be relatively devastating, especially to smaller connections, and while it is in principle easier to block than many DoS attacks, in practice it's still quite effective.

The technique is quite simple. On the Internet, every computer belongs to a network. The details of this are myriad, if not complex, but suffice it to say that your computer knows not only its IP Address, it also knows which (sub)network it belongs to (these days, this is almost always determined by a netmask entry.) In addition to listening for messages directed to you, your computer listens to messages directed to the network's broadcast address. This address, which is generally the highest address in your network, is helpful for computers that offer a service to the local network, and want to tell everyone at once. Some network printers, for example, will send out announcement packets to the broadcast address, to let everyone know they are available.

Another thing that can be sent to the broadcast address is a ping packet - in technical terms, an ICMP Echo Request. Most computers, when a ping is sent to their broadcast address, will answer the ping individually, as though the ping had been addressed directly to them. This can be quite helpful, if you're a network admin trying to find out which computers are awake, but it is here that smurfing too becomes possible.

An age old technique for hurting someone on the internet was the ping flood. You would tell your computer to send an unending stream of ping packets to the victim, who would try to reply to them all. If your computer could outrace theirs, and if they weren't defended against such things, the effort of trying to answer everything would overwhelm their computer and bandwidth. These days however, ping floods are too easy to avoid, and too easy to trace. Skript kiddies discovered that if they flooded a broadcast address though, for every ping they sent in, 50, or 200 might come out (depending on how many computers heard that broadcast ping and replied). If the kiddies further forged the ping packet, to appear to come from their intended victim, then the 200 computers would dutifully send their ping replies to the victim. Thus one traceable ping flood became 200 ping floods originating from somewhere else. It is not hard to see why these sucker networks are called amplifiers.

Kiddies have had programs for some time which will wander the internet, looking for this or that vulnerability, so it is trivial for them to scan hundreds of big business networks, looking for ones which will allow these broadcast ping floods to accomplish their nefarious purposes. Once they find a network that has a good amplification factor, they add it to their list. Come attack time, they just start flooding a couple of the best amplifiers, pretending that the pings are coming from the victim, who in turn is deluged. Even if the victim's firewall drops every ping packet on the floor, (s)he may still suffer through sheer loss of bandwidth; their internet connection may be saturated by the flood of pings. This is bad.

Luckily, the solution is pretty simple. All that is required is for the admins of these big company networks to get a little smarter about not making themselves into amplifiers. Firewalls can be taught to drop all broadcast pings from the outside world, or maybe drop pings altogether (witness: does not respond to ping requests at all, and hasn't for some time.) It is getting harder for kiddies to find good smurfing networks, but when you close a door, you open a window, and it seems that the new generation of DDoS tools will make smurfing unnecessary anyhow.

A colloquial term used to describe a method of money laundering, where a large number of people (smurfs) each transports and deposits cash into a bank account, or buys bank drafts. The sums that each smurf transacts is under a minimum amount that the financial institution is obliged to report to a government regulatory authority. Smurfing (or structuring) has been used to evade taxes on profits earned and being remitted out of a jurisdiction, or to mask transactions of an illicit nature (including drug smuggling and terrorism).

Log in or registerto write something here or to contact authors.