Smurfing
(also ICMP flood attack)
Smurfing definition
Smurfing is a type of DoS attack that involves sending a large number of ICMP (Internet Control Message Protocol) packets to a target computer or network. It exploits the broadcast nature of ICMP, allowing a single packet to broadcast to multiple computers at once. The ICMP packets with spoofed source IP addresses cause the target computers to reply with ICMP echo replies. So if the attacker sends enough ICMP packets, they can overwhelm the target computer or network with traffic. Consequently, this computer or network might become inaccessible to the user. Smurfing attacks are particularly effective against networks with many computers, such as those used by ISPs. These attacks are difficult to detect and mitigate because the traffic appears to come from multiple legitimate sources.
Preventing smurfing
- Disable IP-directed broadcasts
- Enable Unicast Reverse Path Forwarding (uRPF)
- Configure router filters
- Use intrusion prevention systems (IPS)
- Always keep your software up to date
- Implement strong access controls on your infrastructure