Smurf attack

A Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.[1]

Most devices on a network will, by default, respond to this by sending a reply to the source IP address.

If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic.

The original tool for creating a Smurf attack was written by Dan Moschuk (alias TFreak) in 1997.[2][3]

In the late 1990s, many IP networks would participate in Smurf attacks if prompted (that is, they would respond to ICMP requests sent to broadcast addresses).

In DDoS, amplification is the degree of bandwidth enhancement that the original attack traffic undergoes (with the help of Smurf amplifiers) during its transmission towards the victim computer.[5]

Under the assumption that no countermeasures are taken to dampen the effect of a Smurf attack, this is what happens in the target network with n active hosts (that will respond to ICMP echo requests).[6]

The fix is two-fold: It's also important for ISPs to implement ingress filtering, which rejects the attacking packets on the basis of the forged source address.
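The ingress filtering decision described above can be sketched as follows. This is an added example, not code from the original page; the interface names, prefix assignments (RFC 5737 documentation ranges) and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology: prefixes assigned to each customer-facing interface.
# Interface names and the RFC 5737 documentation prefixes are assumptions.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("192.0.2.128/25"),
               ipaddress.ip_network("198.51.100.0/24")],
}

def ingress_verdict(interface, src_ip):
    """'accept' only if src_ip lies in a prefix assigned to the ingress interface."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return "drop"                      # unparseable source: fail closed
    prefixes = CUSTOMER_PREFIXES.get(interface, [])   # unknown interface: no prefixes
    return "accept" if any(src in net for net in prefixes) else "drop"

def targets_broadcast(dst_ip):
    """True if dst_ip is the broadcast address of any known subnet (for logging)."""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst == net.broadcast_address
               for nets in CUSTOMER_PREFIXES.values() for net in nets)

# Constructed sample packets: (ingress interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10", "198.51.100.7"),      # legitimate source
    ("cust-a", "203.0.113.50", "198.51.100.255"),  # forged source, broadcast destination
    ("cust-b", "192.0.2.10", "203.0.113.50"),      # source belongs to cust-a, not cust-b
    ("cust-b", "198.51.100.20", "192.0.2.1"),      # legitimate source
]

def filter_packets(packets):
    """Return (verdict, broadcast_flag) per packet, in order."""
    return [(ingress_verdict(i, s), targets_broadcast(d)) for i, s, d in packets]

if __name__ == "__main__":
    for pkt, (verdict, bcast) in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(pkt, verdict, "broadcast-dst" if bcast else "")
```

The check only works at the edge where the sending host attaches, because that is the one place the expected source prefixes are known.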

Diagram of the attack