Cyber attacks, DDoS attack

​Facts about Smurf attack you need to know

This title can be tricky. But not to disappoint you, this is not a gaming tutorial. The Smurf attack is everything but fun. It’s a dangerous cyber attack that must be taken seriously. 

Facts about Smurf attack

Be aware and protect your business, your investment, and your image! Here you have the main facts about the Smurf attack you need to know!

How to detect the Smurf attack?

  • The Smurf attack is a dangerous distributed denial of service or DDoS attack.
  • Its name comes from the malware that makes it possible to execute, the Smurf malware. 
  • It’s a protocol-based DDoS, meaning the type of attack that exploits weaknesses mainly in the network layer (layer 3), but it can also work in the transport layer (layer 4) of the OSI (Open Systems Interconnection) model. 
  • Shortly, the Smurf attack is a criminal operation that looks to shut down computer networks and deny service to legitimate users. Commonly, it operates by exploiting a vulnerability on the ICMP (Internet Control Message Protocol). 
  • The Smurf attack’s purpose is to flood a server by sending a huge load of requests, ping data packets via the ICMP. How? Well, first, a forged victim’s IP address is created with the Smurf malware. It’s used to send requests to one computer or multiple ones. All the computers receiving the requests will respond to the server (target), multiplying the traffic. The server’s resources will be highly demanded, and eventually, it will go down.
  • Ping data packets are sent to a computer network through an IP broadcast address. It helps to send all the information to every machine on a subnet, instead of sending it only to a specific computer. 
  • The possibilities to amplify a Smurf attack rely on the number of devices in the intermediate network (IP broadcast). 
  • ICMP’s functionality helps computer networks to detect communication issues. It allows to identify and report errors through data packets (messages) when data can’t be correctly delivered. The downside of ICMP is it does not include a security handshake. 
  • To have ICMP data packets traveling across networks is normal since the ICMP is a very used protocol. This becomes an advantage for attackers because firewalls, in normal conditions, won’t stop ICMP packets just because.
  • The ping command uses ICMP and can test devices connected to networks. It helps to know if a machine is reachable. You just send an echo request to that machine and wait for the echo reply. The fact that ICMP doesn’t handshake brings a vulnerability. Machines can’t verify if the requests they get are legitimate.
  • You can prevent a Smurf attack! Monitoring is critical to correctly identify normal and abnormal demands of resources and traffic patterns of your business. Symptoms are alerts! The crash of a router or server, high bandwidth consumption, high and uncommon volume, etc.
  • Redundancy and an adequate load balancer can prevent or mitigate Smurf attacks.
  • Yes! You can do more to be safe. Configure devices not to respond to ICMP echo requests. Set up the OS not to allow IP broadcast requests. Define a firewall perimeter for blocking pings coming from outside the network. Don’t allow directed broadcast traffic attempting to access the network. 

Conclusion.

Now you have the facts about the Smurf attack you need to know for protecting your business. Knowing how the enemy operates, you can build an efficient security strategy. Do it today! To underestimate a DDoS threat is too risky!