This month’s threat is the Smurfs. On July 29, those lovable blue Smurfs come to life in their newest movie, “The Smurfs.” And, as cute as they are, there is another type of Smurf, far more villainous and definitely not adorable. This is the Smurf attack.
A Smurf attack is a type of denial of service (DoS) that leverages a simple ICMP ping echo request. It basically works like this:
A hacker targets an intermediary network to help carry out the attack. Then, the hacker sends a large amount of ping traffic to the broadcast address of the intermediary. They key is that the ping requests have a spoofed IP address of the real target/victim. The intermediary delivers the broadcast ping to all hosts on its network (subnet), and as you know, with every ping, there is always a return response. And suddenly – WHAM – the return response pings come from ALL the computers on the intermediary network and go directly to the target/victim. It’s a simple attack, but effective.
The good news is that Smurfs are easily stopped. First, use a WatchGuard firewall to filter outbound traffic, which can be easily configured to stop anyone on the network from sending source-spoofed packets. Secondly, use the “no ip directed-broadcast” or the “ip verify unicast reverse-path” command on your routers. This will help your network from becoming an intermediary target.
By filtering outbound traffic and configuring routers properly, we can all enjoy the Smurfs where they should be – the movies.