Snort mailing list archives

Re: Smurf Amplification Attack


From: Cedric <mailing-lists () cedric net>
Date: Tue, 29 May 2001 21:07:35 +0200

Hello Ben,

BJ> "Smurf Amplification"

reference to smurf.c, one of the many exploits available
on the "amplification" model.

BJ> What is it Exactly?

people sending echo requests to broadcast addresses in
your networks from a SPOOFED source. The poor dude then
receives an impressive amount of echo replies he never asked
for. DDoS aimed at bandwidth.

e.g.: 1 ping to 192.168.3.255 (supposedly C-class)
generates 254 answers (if the whole network is occupied)

BJ> What can I do?

Disable IP directed broadcast at router level.
(cf. Cisco docs, something like: no ip directed-broadcast)

have a look at www.netscan.org and securityfocus.com or
rootshell.com (if it's still alive ;))) searching for
"smurf.c"

-- 
 Cedric                            mailto:mailing-lists () cedric net
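
Added example, not part of Cedric's message or of Snort: a small detection pass that flags ICMP echo requests addressed to the directed-broadcast address of a local prefix and reports the reply ceiling for that prefix. It goes beyond the /24 case in the message by handling arbitrary prefix lengths; the prefixes and packet tuples are constructed for illustration.

```python
import ipaddress

# Assumption: the prefixes this site routes (constructed for the example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.3.0/24", "10.1.2.64/26")]
ICMP_ECHO_REQUEST = 8

def broadcast_target(dst):
    """Return the local network whose directed-broadcast address is dst, else None."""
    addr = ipaddress.ip_address(dst)
    for net in LOCAL_NETS:
        # /31 and /32 prefixes have no broadcast address to abuse.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return net
    return None

def max_replies(net):
    """Upper bound on echo replies per request: every usable host address answers."""
    return net.num_addresses - 2

def find_smurf_candidates(packets):
    """packets: iterable of (src, dst, icmp_type) tuples. Returns a list of findings."""
    findings = []
    for src, dst, icmp_type in packets:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue
        net = broadcast_target(dst)
        if net is not None:
            findings.append({
                "claimed_src": src,   # likely spoofed: this host receives the replies
                "dst": dst,
                "network": str(net),
                "max_replies": max_replies(net),
            })
    return findings

# Constructed sample traffic (documentation address ranges as sources).
SAMPLE = [
    ("203.0.113.7", "192.168.3.255", 8),   # echo request to the /24 broadcast
    ("203.0.113.7", "192.168.3.20", 8),    # ordinary ping to a single host
    ("198.51.100.9", "10.1.2.127", 8),     # broadcast of 10.1.2.64/26
    ("198.51.100.9", "10.1.2.255", 8),     # .255, but not a broadcast of a local prefix
    ("192.168.3.20", "203.0.113.7", 0),    # echo reply, ignored
]

if __name__ == "__main__":
    for finding in find_smurf_candidates(SAMPLE):
        print(finding)
```

Matching on a trailing .255 alone would miss the /26 broadcast and wrongly flag 10.1.2.255, which is why the check derives the broadcast address from each prefix.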


