Smurf Flood Attack

The name Smurf comes from the file “smurf.c”, the source code of the attack program, which was released in 1997 by TFreak .

How attack work

The Smurf Attack is a denial  of service attach in which large numbers of Internet Control  Messages Protocol  packets with the spoofed source of victim to several ip broadcast destination addresses  , this will cause all devices in particular subnet to respond to victim ip address , which will cause massive flood on victim . This can slow down the victim’s computer to the point where it becomes impossible to work on.

Untitled

From  figure 1. you can see that the amount of amplification that is achieved varies with number of hosts located on the network . In general, it is difficult to find network that will respond to ICMP or UDP broadcast packets . However , there is a several site’s that do every day scans for broadcast amplifier networks .

Mitigations

You can avoid to be part of this attack by disabling forwarding packets to broadcast of subnets , also individual hosts also can be configured to not respond to such requests .