WEBVTT

00:00:00.000 --> 00:00:10.000
[Music]

00:00:10.000 --> 00:00:19.000
[Laughter]

00:00:19.000 --> 00:00:23.000
The Smurf attack is a distributed

00:00:23.000 --> 00:00:26.000
denial-of-service attack in which large

00:00:26.000 --> 00:00:30.000
numbers of Internet Control Message

00:00:30.000 --> 00:00:35.000
Protocol (ICMP) packets with the intended

00:00:35.000 --> 00:00:39.000
victim's spoofed source IP are broadcast

00:00:39.000 --> 00:00:44.000
to a computer network using an IP

00:00:44.000 --> 00:00:50.000
broadcast address. Most devices on a

00:00:50.000 --> 00:00:55.000
network will, by default, respond to this

00:00:55.000 --> 00:00:59.000
by sending a reply to the source IP

00:00:59.000 --> 00:01:03.000
address. If the number of machines on the

00:01:03.000 --> 00:01:07.000
network that receive and respond to

00:01:07.000 --> 00:01:11.000
these packets is very large, the victim's

00:01:11.000 --> 00:01:15.000
computer will be flooded with traffic.

00:01:15.000 --> 00:01:19.000
This can slow down the victim's computer

00:01:19.000 --> 00:01:25.000
to the point where it becomes impossible

00:01:25.000 --> 00:01:31.000
to work on. In the late 1990s, many IP

00:01:31.000 --> 00:01:36.000
networks would participate in Smurf

00:01:36.000 --> 00:01:40.000
attacks if prompted, that is, they would

00:01:40.000 --> 00:01:44.000
respond to ICMP requests sent to

00:01:44.000 --> 00:01:49.000
broadcast addresses. The name comes from

00:01:49.000 --> 00:01:54.000
the idea of very small but numerous

00:01:54.000 --> 00:02:00.000
attackers overwhelming a much larger

00:02:00.000 --> 00:02:06.000
opponent (see Smurf). Today, administrators

00:02:06.000 --> 00:02:11.000
can make a network immune to such abuse;

00:02:11.000 --> 00:02:17.000
therefore, very few networks remain

00:02:17.000 --> 00:02:24.000
vulnerable to Smurf attacks. The fix is

00:02:24.000 --> 00:02:30.000
twofold: one, configure individual hosts

00:02:30.000 --> 00:02:36.000
and routers to not respond to the

00:02:36.000 --> 00:02:43.000
requests or broadcasts; or two, configure

00:02:43.000 --> 00:02:49.000
routers to not forward packets directed

00:02:49.000 --> 00:02:55.000
to broadcast addresses. Until 1999,

00:02:55.000 --> 00:03:01.000
standards required routers to forward

00:03:01.000 --> 00:03:06.000
such packets by default. Since then, the

00:03:06.000 --> 00:03:11.000
default standard was changed to not

00:03:11.000 --> 00:03:16.000
forward such packets. Another proposed

00:03:16.000 --> 00:03:20.000
solution is network ingress filtering,

00:03:20.000 --> 00:03:24.000
which rejects the attacking packets on

00:03:24.000 --> 00:03:29.000
the basis of the forged source address.

00:03:29.000 --> 00:03:34.000
An example of configuring a router so it

00:03:34.000 --> 00:03:40.000
will not forward packets to broadcast

00:03:40.000 --> 00:03:44.000
addresses, for a Cisco router, is: Router

00:03:44.000 --> 00:03:48.000
(config-if)#

00:03:48.000 --> 00:03:54.000
no ip directed-broadcast. This

00:03:54.000 --> 00:03:59.000
example does not protect a network from

00:03:59.000 --> 00:04:03.000
becoming the target of a Smurf attack; it

00:04:03.000 --> 00:04:07.000
merely prevents the network from

00:04:07.000 --> 00:04:12.000
participating in a Smurf attack. A Smurf

00:04:12.000 --> 00:04:16.000
amplifier is a computer network that

00:04:16.000 --> 00:04:21.000
lends itself to being used in a Smurf

00:04:21.000 --> 00:04:26.000
attack. Smurf amplifiers act to worsen

00:04:26.000 --> 00:04:29.000
the severity of a Smurf attack because

00:04:29.000 --> 00:04:32.000
they are configured in such a way that

00:04:32.000 --> 00:04:36.000
they generate a large number of ICMP

00:04:36.000 --> 00:04:41.000
replies to the victim at the spoofed

00:04:41.000 --> 00:04:46.000
source IP address. A Fraggle attack is a

00:04:46.000 --> 00:04:50.000
variation of a Smurf attack where an

00:04:50.000 --> 00:04:56.000
attacker sends a large amount of UDP

00:04:56.000 --> 00:05:02.000
traffic to port 7 (echo) and 19 (chargen) to

00:05:02.000 --> 00:05:06.000
an IP broadcast address with the

00:05:06.000 --> 00:05:11.000
intended victim's spoofed source IP

00:05:11.000 --> 00:05:16.000
address. It works very similar to the

00:05:16.000 --> 00:05:20.000
Smurf attack in that many computers on

00:05:20.000 --> 00:05:24.000
the network will respond to this traffic

00:05:24.000 --> 00:05:28.000
by sending traffic back to the spoofed

00:05:28.000 --> 00:05:34.000
source IP of the victim, flooding it with

00:05:34.000 --> 00:05:42.000
traffic. fraggle.c, the source code

00:05:42.000 --> 00:05:46.000
of the attack, was also released by freak