Common Network Attack Strategies: Smurf Attacks

By Edward Tetz

Smurf attacks are popular Denial of Service (DoS) network attacks, likely named because of its use of a large number of small ICMP packets. The goal of this network attack is to create a crushing amount of traffic. This attack strategy came about as a function of ICMP (Internet Control Message Protocol) and the network broadcast address.

If an attacker has a large network segment that he is aware of, he can send a ping or an ICMP Echo Request to that broadcast address. Each host on that network should take that because the broadcast address was used, though the Echo Request is actually destined for itself.

What it should then do is generate an Echo Reply back to the attacker’s computer. This Echo Reply could cause a full Class B address block to generate up to 65,000 replies for one request packet.

This Echo Reply floods the attacker’s computer with replies that could then cripple his computer with only a few Echo Requests being sent out. Now, what if the attacker modifies that Echo Request when it goes out, and instead of specifying his address as the source of the packet, he specifies another address?

This trick allows an attacker to cause that crippling number of replies to be sent to an innocent third party, who would be the actual target of the Smurf attack.