0:00:00.000,0:00:10.000 [Music]
0:00:10.000,0:00:19.000 [Laughter]
0:00:19.000,0:00:23.000 The Smurf attack is a distributed
0:00:23.000,0:00:26.000 denial-of-service attack in which large
0:00:26.000,0:00:30.000 numbers of Internet Control Message
0:00:30.000,0:00:35.000 Protocol (ICMP) packets with the intended
0:00:35.000,0:00:39.000 victim's spoofed source IP are broadcast
0:00:39.000,0:00:44.000 to a computer network using an IP
0:00:44.000,0:00:50.000 broadcast address. Most devices on a
0:00:50.000,0:00:55.000 network will, by default, respond to this
0:00:55.000,0:00:59.000 by sending a reply to the source IP
0:00:59.000,0:01:03.000 address. If the number of machines on the
0:01:03.000,0:01:07.000 network that receive and respond to
0:01:07.000,0:01:11.000 these packets is very large, the victim's
0:01:11.000,0:01:15.000 computer will be flooded with traffic.
0:01:15.000,0:01:19.000 This can slow down the victim's computer
0:01:19.000,0:01:25.000 to the point where it becomes impossible
0:01:25.000,0:01:31.000 to work on. In the late 1990s, many IP
0:01:31.000,0:01:36.000 networks would participate in Smurf
0:01:36.000,0:01:40.000 attacks if prompted, that is, they would
0:01:40.000,0:01:44.000 respond to ICMP requests sent to
0:01:44.000,0:01:49.000 broadcast addresses. The name comes from
0:01:49.000,0:01:54.000 the idea of very small but numerous
0:01:54.000,0:02:00.000 attackers overwhelming a much larger
0:02:00.000,0:02:06.000 opponent (see Smurf). Today, administrators
0:02:06.000,0:02:11.000 can make a network immune to such abuse;
0:02:11.000,0:02:17.000 therefore, very few networks remain
0:02:17.000,0:02:24.000 vulnerable to Smurf attacks. The fix is
0:02:24.000,0:02:30.000 twofold: one, configure individual hosts
0:02:30.000,0:02:36.000 and routers to not respond to the
0:02:36.000,0:02:43.000 requests or broadcasts; or two, configure
0:02:43.000,0:02:49.000 routers to not forward packets directed
0:02:49.000,0:02:55.000 to broadcast addresses. Until 1999,
0:02:55.000,0:03:01.000 standards required routers to forward
0:03:01.000,0:03:06.000 such packets by default. Since then, the
0:03:06.000,0:03:11.000 default standard was changed to not
0:03:11.000,0:03:16.000 forward such packets. Another proposed
0:03:16.000,0:03:20.000 solution is network ingress filtering,
0:03:20.000,0:03:24.000 which rejects the attacking packets on
0:03:24.000,0:03:29.000 the basis of the forged source address.
0:03:29.000,0:03:34.000 An example of configuring a router so it
0:03:34.000,0:03:40.000 will not forward packets to broadcast
0:03:40.000,0:03:44.000 addresses, for a Cisco router, is: Router
0:03:44.000,0:03:48.000 (config-if)#
0:03:48.000,0:03:54.000 no ip directed-broadcast. This
0:03:54.000,0:03:59.000 example does not protect a network from
0:03:59.000,0:04:03.000 becoming the target of a Smurf attack; it
0:04:03.000,0:04:07.000 merely prevents the network from
0:04:07.000,0:04:12.000 participating in a Smurf attack. A Smurf
0:04:12.000,0:04:16.000 amplifier is a computer network that
0:04:16.000,0:04:21.000 lends itself to being used in a Smurf
0:04:21.000,0:04:26.000 attack. Smurf amplifiers act to worsen
0:04:26.000,0:04:29.000 the severity of a Smurf attack because
0:04:29.000,0:04:32.000 they are configured in such a way that
0:04:32.000,0:04:36.000 they generate a large number of ICMP
0:04:36.000,0:04:41.000 replies to the victim at the spoofed
0:04:41.000,0:04:46.000 source IP address. A Fraggle attack is a
0:04:46.000,0:04:50.000 variation of a Smurf attack where an
0:04:50.000,0:04:56.000 attacker sends a large amount of UDP
0:04:56.000,0:05:02.000 traffic to ports 7 (echo) and 19 (chargen), to
0:05:02.000,0:05:06.000 an IP broadcast address, with the
0:05:06.000,0:05:11.000 intended victim's spoofed source IP
0:05:11.000,0:05:16.000 address. It works very similarly to the
0:05:16.000,0:05:20.000 Smurf attack in that many computers on
0:05:20.000,0:05:24.000 the network will respond to this traffic
0:05:24.000,0:05:28.000 by sending traffic back to the spoofed
0:05:28.000,0:05:34.000 source IP of the victim, flooding it with
0:05:34.000,0:05:42.000 traffic. fraggle.c, the source code
0:05:42.000,0:05:46.000 of the attack, was also released by freak