1
00:00:00,000 --> 00:00:10,000
[Music]

2
00:00:10,000 --> 00:00:19,000
[Laughter]

3
00:00:19,000 --> 00:00:23,000
The Smurf attack is a distributed

4
00:00:23,000 --> 00:00:26,000
denial-of-service attack in which large

5
00:00:26,000 --> 00:00:30,000
numbers of Internet Control Message

6
00:00:30,000 --> 00:00:35,000
Protocol (ICMP) packets with the intended

7
00:00:35,000 --> 00:00:39,000
victim's spoofed source IP are broadcast

8
00:00:39,000 --> 00:00:44,000
to a computer network using an IP

9
00:00:44,000 --> 00:00:50,000
broadcast address. Most devices on a

10
00:00:50,000 --> 00:00:55,000
network will, by default, respond to this

11
00:00:55,000 --> 00:00:59,000
by sending a reply to the source IP

12
00:00:59,000 --> 00:01:03,000
address. If the number of machines on the

13
00:01:03,000 --> 00:01:07,000
network that receive and respond to

14
00:01:07,000 --> 00:01:11,000
these packets is very large, the victim's

15
00:01:11,000 --> 00:01:15,000
computer will be flooded with traffic.

16
00:01:15,000 --> 00:01:19,000
This can slow down the victim's computer

17
00:01:19,000 --> 00:01:25,000
to the point where it becomes impossible

18
00:01:25,000 --> 00:01:31,000
to work on. In the late 1990s, many IP

19
00:01:31,000 --> 00:01:36,000
networks would participate in Smurf

20
00:01:36,000 --> 00:01:40,000
attacks if prompted (that is, they would

21
00:01:40,000 --> 00:01:44,000
respond to ICMP requests sent to

22
00:01:44,000 --> 00:01:49,000
broadcast addresses). The name comes from

23
00:01:49,000 --> 00:01:54,000
the idea of very small but numerous

24
00:01:54,000 --> 00:02:00,000
attackers overwhelming a much larger

25
00:02:00,000 --> 00:02:06,000
opponent (see Smurfs). Today, administrators

26
00:02:06,000 --> 00:02:11,000
can make a network immune to such abuse;

27
00:02:11,000 --> 00:02:17,000
therefore, very few networks remain

28
00:02:17,000 --> 00:02:24,000
vulnerable to Smurf attacks. The fix is

29
00:02:24,000 --> 00:02:30,000
twofold: one, configure individual hosts

30
00:02:30,000 --> 00:02:36,000
and routers to not respond to the

31
00:02:36,000 --> 00:02:43,000
requests or broadcasts; or two, configure

32
00:02:43,000 --> 00:02:49,000
routers to not forward packets directed

33
00:02:49,000 --> 00:02:55,000
to broadcast addresses. Until 1999,

34
00:02:55,000 --> 00:03:01,000
standards required routers to forward

35
00:03:01,000 --> 00:03:06,000
such packets by default. Since then, the

36
00:03:06,000 --> 00:03:11,000
default standard was changed to not

37
00:03:11,000 --> 00:03:16,000
forward such packets. Another proposed

38
00:03:16,000 --> 00:03:20,000
solution is network ingress filtering,

39
00:03:20,000 --> 00:03:24,000
which rejects the attacking packets on

40
00:03:24,000 --> 00:03:29,000
the basis of the forged source address.

41
00:03:29,000 --> 00:03:34,000
An example of configuring a router so it

42
00:03:34,000 --> 00:03:40,000
will not forward packets to broadcast

43
00:03:40,000 --> 00:03:44,000
addresses, for a Cisco router, is:

44
00:03:44,000 --> 00:03:48,000
Router(config-if)#

45
00:03:48,000 --> 00:03:54,000
no ip directed-broadcast. This

46
00:03:54,000 --> 00:03:59,000
example does not protect a network from

47
00:03:59,000 --> 00:04:03,000
becoming the target of a Smurf attack; it

48
00:04:03,000 --> 00:04:07,000
merely prevents the network from

49
00:04:07,000 --> 00:04:12,000
participating in a Smurf attack. A Smurf

50
00:04:12,000 --> 00:04:16,000
amplifier is a computer network that

51
00:04:16,000 --> 00:04:21,000
lends itself to being used in a Smurf

52
00:04:21,000 --> 00:04:26,000
attack. Smurf amplifiers act to worsen

53
00:04:26,000 --> 00:04:29,000
the severity of a Smurf attack because

54
00:04:29,000 --> 00:04:32,000
they are configured in such a way that

55
00:04:32,000 --> 00:04:36,000
they generate a large number of ICMP

56
00:04:36,000 --> 00:04:41,000
replies to the victim at the spoofed

57
00:04:41,000 --> 00:04:46,000
source IP address. A Fraggle attack is a

58
00:04:46,000 --> 00:04:50,000
variation of a Smurf attack where an

59
00:04:50,000 --> 00:04:56,000
attacker sends a large amount of UDP

60
00:04:56,000 --> 00:05:02,000
traffic to port 7 (echo) and 19 (chargen) to

61
00:05:02,000 --> 00:05:06,000
an IP broadcast address with the

62
00:05:06,000 --> 00:05:11,000
intended victim's spoofed source IP

63
00:05:11,000 --> 00:05:16,000
address. It works very similarly to the

64
00:05:16,000 --> 00:05:20,000
Smurf attack in that many computers on

65
00:05:20,000 --> 00:05:24,000
the network will respond to this traffic

66
00:05:24,000 --> 00:05:28,000
by sending traffic back to the spoofed

67
00:05:28,000 --> 00:05:34,000
source IP of the victim, flooding it with

68
00:05:34,000 --> 00:05:42,000
traffic. Fraggle.c, the source code

69
00:05:42,000 --> 00:05:46,000
of the attack, was also released by TFreak.