[Music]
[Laughter]
the Smurf attack is a distributed
denial-of-service attack in which large
numbers of Internet control message
protocol in packets with the intended
victim spoofed source IP are broadcast
to a computer network using an IP
broadcast address most devices on a
network will by default respond to this
by sending a reply to the source IP
address if the number of machines on the
network that receive and respond to
these packets is very large the victims
container will be flattered with traffic
this can slow down the victims computer
to the point where it becomes impossible
to work on in the late 1990s many IP
networks would participate in Smurf
attacks if prompted that is they would
respond to written requests sent to
broadcast addresses the name comes from
the idea of very small but numerous
attackers overwhelming a much larger
opponent see smurf today administrators
can make a network immune to such abuse
therefore very few networks remain
vulnerable to smurf attacks the fix is
twofold one configure individual hosts
and routers to not respond to the
requests or broadcasts or to configure
routers to not forward packets directed
to broadcast addresses until 1999
standards required routers to forward
such packets by default since then the
default standard was changed to not
forward such packets another proposed
solution is network ingress filtering
which rejects the attacking packets on
the basis of the forged source address
an example of configuring a router so it
will not forward packets to broadcast
addresses for a Cisco router is router
can
pants I know if directed broadcast this
example does not protect a network from
becoming the target of Smurf attack it
merely prevents the network from
participating in a smurf attack a smurf
amplifier is a computer network that
lends itself to being used in a smurf
attack Smurfs amplifiers asked to worsen
the severity of a smurf attack because
they are configured in such a way that
they generate a large number of attempt
replies to the victim at the spoofed
source IP address a Fraggle attack is a
variation of a smurf attack where an
attacker sends a large amount of ugh
traffic to port 7 echo and 19 target to
an IP broadcast address with the
intended victim spoofed floors IP
address it works very similar to the
Smurf attack in that many computers on
the network will respond to this traffic
by sending traffic back to the spoofed
source IP of the victim flooding it with
traffic fraggle da see the source code
of the attack was also released by freak