Thursday, May 10, 2012

Smurf Attack

From Wikipedia:
The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a system via spoofed broadcast ping messages.
This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding.


Use the -b option to ping a broadcast address:

ping -b 255.255.255.255


There are some special multicast groups:

224.0.0.1 is the all-hosts group. If you ping that group, all multicast-capable hosts on the network should answer, as every multicast-capable host must join that group at start-up on all its multicast-capable interfaces.
224.0.0.2 is the all-routers group. All multicast routers must join that group on all their multicast-capable interfaces.
224.0.0.4 is the all-DVMRP-routers group, 224.0.0.5 the all-OSPF-routers group, 224.0.0.13 the all-PIM-routers group, etc.
All these special multicast groups are regularly published in the "Assigned Numbers" RFC.


If you don't receive a reply, it may be because the machines are ignoring broadcast pings. On Linux you can change this setting by typing:

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
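
The traffic pattern described above (echo requests sent to a broadcast or all-hosts address, answered by many hosts toward one source address) can be spotted in ICMP flow records. The following is an added detection example, not code from the original post; the `(src, dst, icmp_type)` record format, the `LOCAL_NETS` subnets, the function names and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the subnets visible to this sensor (documentation ranges).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/26")]
# Limited broadcast and the all-hosts multicast group mentioned in the text.
FIXED_TARGETS = {ipaddress.ip_address("255.255.255.255"), ipaddress.ip_address("224.0.0.1")}

def is_amplifying_dst(dst):
    """True if one echo request to dst can draw replies from many hosts."""
    ip = ipaddress.ip_address(dst)
    return ip in FIXED_TARGETS or any(ip == n.broadcast_address for n in LOCAL_NETS)

def smurf_candidates(records):
    """records: (src, dst, icmp_type) tuples; type 8 = echo request, 0 = echo reply.
    Returns {claimed_source: {requests, replies, responders, amplification}}."""
    requests = defaultdict(int)
    for src, dst, icmp_type in records:
        if icmp_type == 8 and is_amplifying_dst(dst):
            requests[src] += 1  # src is the claimed (possibly spoofed) address
    replies, responders = defaultdict(int), defaultdict(set)
    for src, dst, icmp_type in records:
        if icmp_type == 0 and dst in requests:
            replies[dst] += 1
            responders[dst].add(src)
    return {v: {"requests": n, "replies": replies[v],
                "responders": len(responders[v]),
                "amplification": replies[v] / n}
            for v, n in requests.items()}

# Constructed sample records, not captured traffic.
SAMPLE = [
    ("203.0.113.7", "192.0.2.255", 8),
    ("192.0.2.10", "203.0.113.7", 0),
    ("192.0.2.11", "203.0.113.7", 0),
    ("192.0.2.12", "203.0.113.7", 0),
    ("203.0.113.7", "198.51.100.63", 8),  # broadcast of a /26, not .255
    ("198.51.100.5", "203.0.113.7", 0),
    ("198.51.100.6", "203.0.113.7", 0),
    ("192.0.2.10", "192.0.2.11", 8),      # ordinary unicast ping, ignored
    ("192.0.2.11", "192.0.2.10", 0),
]

if __name__ == "__main__":
    for claimed_source, stats in smurf_candidates(SAMPLE).items():
        print(claimed_source, stats)
```

The amplification figure is replies per request, which is the "number of hosts responding" multiplier from the description; hosts that keep icmp_echo_ignore_broadcasts set to 1 do not contribute to it.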

