Saturday, August 27, 2011
What is Smurf attack & How to prevent it ?
Smurf attack is the form of generating uncontrolled amount of traffic in victims network.
The process of smurf attack is as follows:
1. Send huge amount of ICMP request to the broadcast address of the victim network(Directed Broadcast Address).
2. Source IP of the attacker must be spoofed.
3. The ICMP request reach the gateway of the victim network.
4. Each host on the victim network will respond to the ICMP request (Amplifying the ping requests)
5. It creates uncontrollable amount of traffic from victim's network.
6. It will consume the useful bandwidth and the server will be down in few minutes.
How to prevent smurf attack ?
1. Configure individual hosts and routers not to respond to ping requests or broadcasts.
2. Configure routers not to forward packets directed to broadcast addresses.
The process of smurf attack is as follows:
1. Send huge amount of ICMP request to the broadcast address of the victim network(Directed Broadcast Address).
2. Source IP of the attacker must be spoofed.
3. The ICMP request reach the gateway of the victim network.
4. Each host on the victim network will respond to the ICMP request (Amplifying the ping requests)
5. It creates uncontrollable amount of traffic from victim's network.
6. It will consume the useful bandwidth and the server will be down in few minutes.
How to prevent smurf attack ?
1. Configure individual hosts and routers not to respond to ping requests or broadcasts.
2. Configure routers not to forward packets directed to broadcast addresses.
Denial of Service (DOS) attacks
Denial of Service (DOS) attacks are intended to shut down the servers for a period of time. To make site nonfunctional for a time the main part of attack is DOS attack. DOS attacks are usually doing by following methods:
1. Send unlimited amount of packets to the server.
2. Executing malwares
3. Teardrop attack
4. Application level flood
Sending unlimited packets by ping command is also known as ICMP flood. This method can be done in the following way.
A simple DOS attack code would be:
ping {ip} -t -l 20000
On command prompt window you can type the following command. This command sends 20000 bytes of data to the ip, in a single packet. The -t is to ping the specified host until stopped and -l is to specify the buffer size. A Teardrop attack involves sending mangled Internet Packet fragments with overlapping, over-sized, payloads to the target machine. In peer to peer attack thousands of computers will try to access a single computer at the same time. It will break down all the connection from the server at last the target machine will fail. Application level flood is by the mis-programming of an application installed on the server.So it will consume a major portion of server computing power and memory.
DOS attack with ping flood will work only if the following cafeterias are satisfied:
1. Attacker should have higher bandwidth than the victim.
2. Victim should respond to the ping requests
Subscribe to:
Comments (Atom)