Vulnerability Development mailing list archives
Re: smurf (stupid question)
From: Holger van Koll <holger () VANKOLL DE>
Date: Mon, 18 Sep 2000 20:37:19 +0200
Leon, please dont use html in mailing-lists. Thank you.
I was wondering with smurf amplification attacks what would happen if you spoofed your IP as the broadcast address of another smurfable network. Would this cause an ICMP storm / war?? Would the two networks continousally just ping each other???
No. F.e. if the ip-networks 100.100.100/24 and 100.100.101/24 were "smurfable", the following would happen: 1st paket: Source-ip 100.100.100.255 , Dest-IP 100.100.101.255 ( or .0 instead of .255 ) Replies: Source-ip 100.100.101.x , Dest-IP 100.100.100.255 ( x is the host-address of every host that responded ) At this point you might expect Next pakets: Source-IP 100.100.100.y , Dest-IP 100.100.101.x etc.etc. but this wont happen as the reply is an icmp-echo-reply paket where no host will respond to. Holger
Current thread:
- smurf (stupid question) Leon Rosenstein (Sep 18)
- Re: smurf (stupid question) Michel Kaempf (Sep 19)
- Re: smurf (stupid question) alex (Sep 19)
- Re: smurf (stupid question) Lincoln Yeoh (Sep 19)
- Re: smurf (stupid question) Jacek Lipkowski (Sep 20)
- Re: smurf (stupid question) Holger van Koll (Sep 19)
- <Possible follow-ups>
- Re: smurf (stupid question) Vitaly Osipov (Sep 19)
- Re: smurf (stupid question) Guilherme Mesquita (Sep 27)
- Re: smurf (stupid question) Michel Kaempf (Sep 19)