A type of denial of service attack in which the perpetrator sends a ping request to a receiving site. That ping packet specifies that it be broadcast to a number of hosts within the receiving site's local network. The packet also indicates that the request is from another site, the target site that is to receive the denial of service. The result will be lots of ping replies flooding back to the innocent, spoofed host. If the flood is great enough, the spoofed host will no longer be able to receive or distinguish real traffic.

See also: buffer overflow attack, SYN attack, teardrop attack
A type of internet distributed denial of service (DDoS) attack where an attacker attempts to overwhelm the victim by tricking third parties into sending large amounts of traffic. These third parties are called smurf amplifiers because a single packet sent to an amplifier results in many packets being sent to the victim.

A smurf attack works by using a directed broadcast ping with the victim's IP spoofed as the return address for the ping. (A directed broadcast is a packet sent to the broadcast address of a particular subnet. Routers unicast the broadcast via the internet. The router directly connected to the destination subnet converts the packet from a directed broadcast into a pure broadcast packet - IP address 255.255.255.255.) When the broadcast hits the amplifier subnet, all computers connected to that particular subnet transmit a ping reply to the victim's IP address. The principal idea is that the attacker uses only a small amount of bandwidth in comparison to the amount of bandwidth depleted from the victim. In military terms a smurf amplifier is a force multiplier. The attack can be made more potent by increasing the size of the ping packet and by using multiple amplifiers.

Simple defenses against IP address spoofing will prevent a malicious user on a network from originating a smurf attack, whilst disabling directed broadcasts on all routers will prevent a subnet from being used as a smurf amplifier. A good firewall helps. Protection for victims is not so easy because simply thwarting the smurf attack at the victim's firewall still means that the victim's incoming internet connection is swamped. Thus protection needs to be upstream from the victim.
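Added example (not from the original write-ups): Python detection logic for both ends of the traffic pattern described above, run over constructed packet records. The subnet, addresses, record format, function names and threshold are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the protected subnet and every packet record are illustrative,
# and the list mixes what the amplifier network and the flooded host would each see.
LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/24")]
BROADCASTS = {str(n.broadcast_address) for n in LOCAL_SUBNETS}
SAMPLE = [
    {"type": "echo-request", "src": "203.0.113.9", "dst": "192.0.2.255"},   # directed broadcast
    {"type": "echo-request", "src": "198.51.100.5", "dst": "192.0.2.10"},   # ordinary ping
    {"type": "echo-request", "src": "203.0.113.9", "dst": "198.51.100.5"},  # host's own ping
    {"type": "echo-reply", "src": "198.51.100.5", "dst": "203.0.113.9"},    # solicited reply
    {"type": "echo-reply", "src": "192.0.2.10", "dst": "203.0.113.9"},
    {"type": "echo-reply", "src": "192.0.2.11", "dst": "203.0.113.9"},
    {"type": "echo-reply", "src": "192.0.2.12", "dst": "203.0.113.9"},
    {"type": "echo-reply", "src": "192.0.2.13", "dst": "203.0.113.9"},
]

def amplifier_triggers(packets):
    """Amplifier side: echo requests addressed to a local directed-broadcast address."""
    return [p for p in packets
            if p["type"] == "echo-request" and p["dst"] in BROADCASTS]

def unsolicited_replies(packets, host, threshold=3):
    """Victim side: count distinct reply sources per /24 that `host` never pinged."""
    pinged = {p["dst"] for p in packets
              if p["type"] == "echo-request" and p["src"] == host}
    per_net = defaultdict(set)
    for p in packets:
        if p["type"] == "echo-reply" and p["dst"] == host and p["src"] not in pinged:
            net = ipaddress.ip_network(p["src"] + "/24", strict=False)
            per_net[str(net)].add(p["src"])
    # Report only subnets where many hosts answered at once.
    return {net: len(srcs) for net, srcs in per_net.items() if len(srcs) >= threshold}

if __name__ == "__main__":
    print(amplifier_triggers(SAMPLE))
    print(unsolicited_replies(SAMPLE, "203.0.113.9"))
```

A hit from the first function means the local subnet is reachable as an amplifier, so directed broadcasts should be disabled on its router; a hit from the second identifies the amplifier subnet to report upstream.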
