Smurf attack – Allied Telesis AT-S63 User Manual

Page 205


AT-S63 Management Software Features Guide

Section II: Advanced Operations


Smurf Attack

In this DoS attack, an attacker sends an ICMP Echo (Ping) request that has
the network’s IP broadcast address as the destination address and the
address of the victim as the source address. The victim is then
overwhelmed by a large number of ICMP Echo (Ping) replies from the other
network nodes.

A switch port defends against this form of attack by examining the
destination IP addresses of ingress ICMP Echo (Ping) request packets
and discarding those that contain the network’s IP broadcast address as a
destination address.

To implement this defense, you must specify an IP address of a node on
your network and a mask. The switch uses the two to determine the
broadcast address of your network.

This defense mechanism does not involve the switch’s CPU. You can
activate it on some or all of the ports without impacting switch
performance.
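
The check described above, sketched in software as an added example (it is not Allied Telesis code; the switch performs this in hardware). The function names `broadcast_address`, `should_discard` and `build_echo` are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

ICMP_PROTO = 1          # IPv4 protocol number for ICMP
ICMP_ECHO_REQUEST = 8   # ICMP type of an Echo (Ping) request


def broadcast_address(node_ip, mask):
    """Derive the network's broadcast address from any node address and mask."""
    net = ipaddress.IPv4Network(f"{node_ip}/{mask}", strict=False)
    return net.broadcast_address


def should_discard(packet, node_ip, mask):
    """True if packet is an ICMP Echo request addressed to the broadcast address."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                          # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) <= ihl:
        return False                          # malformed, or no ICMP type byte
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                          # later fragment: no ICMP header here
    if packet[9] != ICMP_PROTO or packet[ihl] != ICMP_ECHO_REQUEST:
        return False                          # only Echo requests are examined
    dst = ipaddress.IPv4Address(packet[16:20])
    return dst == broadcast_address(node_ip, mask)


def build_echo(src, dst, icmp_type=ICMP_ECHO_REQUEST):
    """Constructed sample packet; checksums are left at 0, the check ignores them."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     ICMP_PROTO, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + icmp


if __name__ == "__main__":
    node, mask = "192.0.2.10", "255.255.255.0"   # constructed documentation addresses
    for dst in ("192.0.2.255", "192.0.2.20"):
        pkt = build_echo("198.51.100.7", dst)
        print(dst, "discard" if should_discard(pkt, node, mask) else "forward")
```

With a mask that is not on an octet boundary, the broadcast address is not the `.255` address, which is why the defense needs both a node address and a mask.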
