Vulnerability Development mailing list archives
Re: smurf (stupid question)
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 19 Sep 2000 09:59:04 +0800
At 09:38 AM 18-09-2000 -0400, Leon Rosenstein wrote:
I was wondering with smurf amplification attacks what would happen if you spoofed your IP as the broadcast address of another smurfable network. Would this cause an ICMP storm / war?? Would the two networks continousally just ping each other??? Anyway it was something I was wondering about. Please feel free to respond in public or private.
I don't think it will work for ping, because with ping you send an ICMP echo, and the target(s) will send ICMP _echo_reply_ packets. But it could work with udp echo, or any other service which uses similar methods to send and answer (symmetrical). <Scenario> So say you have two networks A and B, and all the hosts in A and B reply to broadcast addresses. You send such a packet to A's broadcast address, spoofing B's broadcast. The hosts in A will then send packets to B's broadcast address. But note that these packets have the source addresses of the hosts in A. Each machine in B will then send packets to every machine in A. And vice versa. And if you send one more packet, the bandwidth usage doubles, and so on until packets start getting dropped due to congestion. </scenario> So yes, both networks could possibly keep sending stuff to each other, and bad things could happen. And no, it's not a stupid question. One should thus make sure that stuff destined for broadcast (and special) networks are dropped by the border routers/firewalls. And also try to make sure that machines don't run services which could be abused in that way (not always possible). Have fun, (with your own network ;) ) Link.
Current thread:
- smurf (stupid question) Leon Rosenstein (Sep 18)
- Re: smurf (stupid question) Michel Kaempf (Sep 19)
- Re: smurf (stupid question) alex (Sep 19)
- Re: smurf (stupid question) Lincoln Yeoh (Sep 19)
- Re: smurf (stupid question) Jacek Lipkowski (Sep 20)
- Re: smurf (stupid question) Holger van Koll (Sep 19)
- <Possible follow-ups>
- Re: smurf (stupid question) Vitaly Osipov (Sep 19)
- Re: smurf (stupid question) Guilherme Mesquita (Sep 27)
- Re: smurf (stupid question) Michel Kaempf (Sep 19)