Knowledge Base  


Smurfing - An Invasion of your IP Address Space

Article Number: I011
Article Type: Info
Modified: December 3, 1998


SUMMARY

Smurfing is a form of network "attack" that can result in such a large traffic load on your wide-area Internet connection that you may be denied service across this link. This form of attack is also called a Denial of Service attack (DoS Attack).

This article discusses "smurfing" and how you can help reduce the risk of a malicious attack.

MORE INFORMATION

The Basics

Smurfing is the result of a workstation sending a large directed broadcast PING with a spoofed source IP address (the address of the intended victim) to a destination network with lots of IP stations. Because it is a broadcast and is received by every station on the LAN, every station may respond with a PING reply to the victim's address, flooding and congesting the victim's WAN and LAN.

The Details of Smurfing

Rather than re-iterating what is well documented elsewhere, please refer to the definition of "smurfing" at the Webopaedia web site. The definition describes the details of this attack.

A Strategy for its Prevention

It is very difficult to guard against becoming a victim of this form of attack, but there are a few strategies you can use to ensure that you are not helping the attacker propagate the problem.

Prevent it at the Source

If your site is host to an uncontrolled user community, you may wish to place filters in your Orbitor router to prevent it from propagating a directed broadcast PING attack. To do so, you must configure three filters in the Orbitor router:

	9-01&20-08&17-FFFFFF
	9-01&20-08&18-FFFF
	9-01&20-08&19-FF
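
The following Python sketch is an added example, not part of the original article or of Develcon's documentation. It assumes the filter syntax means "decimal byte offset - hex value" terms joined by "&" (AND), with offsets counted from the start of the IP header, and evaluates the three filters against constructed sample packets.

```python
import struct

# The three filters from the article. ASSUMED syntax (the page does not
# document it): "offset-hexvalue" terms ANDed with "&", decimal offsets
# counted from the first byte of the IPv4 header.
FILTERS = ["9-01&20-08&17-FFFFFF", "9-01&20-08&18-FFFF", "9-01&20-08&19-FF"]

def parse_filter(expr):
    """Split a filter into (offset, expected_bytes) terms."""
    terms = []
    for term in expr.split("&"):
        offset, hexval = term.split("-")
        terms.append((int(offset), bytes.fromhex(hexval)))
    return terms

def matches(expr, packet):
    """True when every term of the filter matches the packet bytes."""
    return all(packet[off:off + len(val)] == val
               for off, val in parse_filter(expr))

def is_blocked(packet):
    """A packet is dropped when any one of the three filters matches."""
    return any(matches(f, packet) for f in FILTERS)

def ipv4_icmp(src, dst, icmp_type):
    """Constructed 20-byte IPv4 header + ICMP header (checksums zeroed)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     64, 1, 0, addr(src), addr(dst))
    return ip + icmp

# Constructed samples: (description, destination, ICMP type)
SAMPLES = [
    ("echo request to /24 broadcast", "192.0.2.255", 8),
    ("echo request to 10/8 broadcast", "10.255.255.255", 8),
    ("echo request to a single host", "192.0.2.10", 8),
    ("echo reply to x.x.x.255", "192.0.2.255", 0),
    ("echo request to /25 broadcast", "192.0.2.127", 8),
]

if __name__ == "__main__":
    for desc, dst, icmp_type in SAMPLES:
        verdict = is_blocked(ipv4_icmp("198.51.100.7", dst, icmp_type))
        print(f"{desc:32} -> {'dropped' if verdict else 'passed'}")
```

Under that reading, the filters match ICMP Echo requests (protocol 01, type 08) whose destination ends in .255, .255.255 or .255.255.255. A network subnetted on a non-octet boundary has a broadcast address (192.0.2.127 for a /25 in the samples) that these three patterns do not cover, so check them against your own subnet masks.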

Don't Respond

To prevent your site from receiving directed broadcast PING requests, you may simply turn on the NetSafe Firewall on your Orbitor router. The NetSafe firewall will prevent the ICMP Echo requests from ever reaching your LAN, ultimately preventing your client workstations from responding to them.

By preventing the response to these directed broadcast PING requests, you prevent the victim from receiving the flood of responses, saving your Internet bandwidth too.

If You're the Intended Victim

If you are the intended victim, your ability to control these unsolicited responses is quite limited. If you feel you are a victim of a "smurf attack", you should contact your ISP immediately. They can help you recover and prevent further attacks, and may even be able to apprehend the attackers.

REFERENCES

You may wish to visit the CERT Coordination Center for additional information on a variety of network security issues.


Keywords: IP, PING, smurfing, NetSafe
Product: Orbitor
Model: All

Copyright © 1998 Develcon Electronics Ltd.  All Rights Reserved.