Smurf Attack is a type of DoS Attack, in this we generate significant computer network traffic on a victim network.
The attacker uses a program called Smurf to cause the attacked part of a network to become inoperable. The exploit of smurfing, as it has come to be known, takes advantage of certain known characteristics of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). The ICMP is used by network nodes and their administrators to exchange information about the state of the network.
ICMP can be used to ping other nodes to see if they are operational. An operational node returns an echo message in response to a ping message.
How a Smurf attack works: A Smurf attack is not terribly sophisticated; it’s just a matter of routing and letting IP take its course. The attack usually unfolds in five simple steps:
- Hacker identifies a victim IP address (your Web server is usually a nice high-profile target).
- Hacker identifies an intermediary site that will amplify the attack (usually several are selected, to further disguise the attack).
- Hacker sends a large amount of ICMP (ping, layer 3) traffic at the broadcast address of the intermediary sites. These packets have the source IP address spoofed to point towards the victim.
- Intermediaries deliver the broadcast at layer 2 to all the hosts on their subnet.
