[Moderator: I include this because it is a quick and well-written
description of how the "smurf" Denial of Service attack works. I also
want to warn people that a new DoS script called "fraggle" is being used
against many networks right now (including my upstream). Keep an eye out
for these attacks and watch your vendor's sites for update/patch
information where applicable.]
---------- Forwarded message ----------
From: Matt Hallacy <poptix@cybernet.ings.com>
Date: Mon, 30 Mar 1998 10:33:20 -0600
The way a 'smurf' works is:
A = Attacker
B-F = Broadcast machines
V = Victim
A->->B
C-E
V<-<-D-F
Attacker forges an ICMP_ECHO_Request to the Broadcast machines'
address with Victim's IP address as the sender. Broadcast machines
respond with ICMP_ECHO_Reply to Victim's address, causing his internet
link to be saturated. The 'bandwidth multiplier' is calculated
by: A(b) * B(c)
b = bandwidth
c = count
A 1k packet sent to a group of 5 broadcast machines will
respond with (1024+8)*5 (5160 bytes) (8 routing bytes).
So, it doesn't matter what kind of connection you have, you're limited
by its maximum throughput (and no program is going to increase that,
only use more broadcast addresses, which smurf does).
Matt Hallacy
Received on Mon Mar 30 16:54:51 1998
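
An added detection example, not part of the original post: it spots the two sides of the traffic pattern described above in packet records, namely echo requests addressed to a subnet's broadcast address and bursts of echo replies that the recipient never asked for. The subnet, the addresses, the record layout and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8          # ICMP type numbers
# Assumption: the subnet we operate (documentation range, constructed).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed records (time_s, src, dst, icmp_type), merging what the
# broadcast network and the victim's network would each observe.
SAMPLE = [(0.00, "203.0.113.7", "192.0.2.255", ECHO_REQUEST)]  # sender forged as V
SAMPLE += [(0.01 * i, f"192.0.2.{9 + i}", "203.0.113.7", ECHO_REPLY)
           for i in range(1, 6)]                               # B-F answer V
SAMPLE += [(0.20, "198.51.100.5", "198.51.100.9", ECHO_REQUEST),  # ordinary ping
           (0.21, "198.51.100.9", "198.51.100.5", ECHO_REPLY)]

def is_directed_broadcast(dst, nets=LOCAL_NETS):
    """True if dst is the broadcast (or all-zeros) address of one of our subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr in (n.broadcast_address, n.network_address) for n in nets)

def broadcast_requests(records):
    """Amplifier side: echo requests aimed at a broadcast address we own."""
    return [r for r in records
            if r[3] == ECHO_REQUEST and is_directed_broadcast(r[2])]

def find_smurf_victims(records, window=1.0, min_sources=4):
    """Victim side: map each destination to the largest number of distinct
    hosts that sent it unsolicited echo replies inside one time window."""
    requested = set()                    # (requester, target) pairs seen
    buckets = defaultdict(set)           # (victim, window index) -> senders
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            buckets[(dst, int(ts // window))].add(src)
    victims = {}
    for (victim, _), senders in buckets.items():
        if len(senders) >= min_sources:
            victims[victim] = max(victims.get(victim, 0), len(senders))
    return victims

if __name__ == "__main__":
    print("broadcast echo requests:", broadcast_requests(SAMPLE))
    print("likely victims:", find_smurf_victims(SAMPLE))
```

A reply counts as unsolicited when no request from its recipient to that exact sender was recorded, so the five replies to the forged sender are flagged while the ordinary ping pair is not.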