[Snort-users] Smurf Amplification Attack

Cedric mailing-lists at ...134...
Tue May 29 15:07:35 EDT 2001


Hello Ben,

BJ> "Smurf Amplification"

reference to smurf.c, one of the many exploits available
on the "amplification" model.

BJ> What is it Exactly?

people sedning echo request to broadcast adresses in
your networks from SPOOFED source. The poor dude then
receive impressive amount of echo replies he never asked
for. DDoS aimed at bandwidth.

eg : 1 ping to 192.168.3.255 (supposedly C-class)
generates 254 answers (if all the networks is occupied)

BJ> What can I do?

Disable ip directed broadcast at router level.
( cfr cisco docs , smth like no ip directed-broadcast )

have a look at www.netscan.org and securityfocus.com or
rootshell.com (if it's still alive ;))) searching for
"smurf.c"

-- 
 Cedric                            mailto:mailing-lists at ...134...






More information about the Snort-users mailing list