Smurf attack, also known as ICMP Echo Request, is a distributed reflection denial of service (DRDoS).
Othe examples of DRDoS are DNS poisoning and fraggle attack.
Description of smurf attack
Smurf attack is performed as follows:
- First, the malware creates a network packet attached to a false IP address representing the victim — a technique known as “spoofing.”
- Inside the packet there is an ICMP ping message, asking network nodes that receive the packet to send back a reply
- These replies, or “echoes,” are then sent back to network IP addresses again, setting up an infinite loop.
How to prevent smurf attack
If s system is configured according to RFC 2644 (that was released in 1999), routers no longer forward directed broadcast traffic and they cannot be used as smurf amplifiers.
ICMP is frequently disabled on firewalls, routers and even many servers. When done, smurf attack is prevented.