Snort mailing list archives
Re: Smurf Amplification Attack
From: Cedric <mailing-lists () cedric net>
Date: Tue, 29 May 2001 21:07:35 +0200
Hello Ben, BJ> "Smurf Amplification" reference to smurf.c, one of the many exploits available on the "amplification" model. BJ> What is it Exactly? people sedning echo request to broadcast adresses in your networks from SPOOFED source. The poor dude then receive impressive amount of echo replies he never asked for. DDoS aimed at bandwidth. eg : 1 ping to 192.168.3.255 (supposedly C-class) generates 254 answers (if all the networks is occupied) BJ> What can I do? Disable ip directed broadcast at router level. ( cfr cisco docs , smth like no ip directed-broadcast ) have a look at www.netscan.org and securityfocus.com or rootshell.com (if it's still alive ;))) searching for "smurf.c" -- Cedric mailto:mailing-lists () cedric net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Smurf Amplification Attack Ben Johansen (May 29)
- Re: Smurf Amplification Attack Cedric (May 29)
- RE: Smurf Amplification Attack Ofir Arkin (May 29)