Register now or log in to join your professional community.
ICMP is a protocol used for network maintenance stuff but can be used maliciously by sick folks.
Smurf
Explanation:
Smurf is a non-OS specific attack that uses a third-party’s network segment tooverwhelm a host with a flood of Internet Control Message Protocol (ICMP) packets.As shown in Exhibit3-3, three parties are involved: the attacker, an intermediarynetwork (preferably, with numerous hosts), and the victim (typically, a computer orrouter on the Internet).1 The hacker sends a ping (echo-request) packet to the intermediary network’sbroadcast address. The packet’s source IP address is faked to be that of thevictim system.2 The ping was sent to the broadcast address of the intermediary network, so everyhost on that subnet replies to the victim’s IP address.3 The third-party’s hosts unwittingly deluge the victim with ping packets.Using this technique, the hacker cannot only overwhelm the computer system receivingthe flood of echo packets, but can also saturate the victim’s Internet connection withbogus traffic and therefore delay or prevent legitimate traffic from reaching itsdestination..
Countermeasures
Protective measures against Smurf attacks can be placed in the network or on individualhosts.• Configure routers to drop ICMP messages from outside the network with adestination of an internal broadcast or multicast address.• Configure hosts to ignore echo requests directed to their subnet broadcastaddress.Most current router and desktop operating systems have protection in place to guardagainst well-known Smurf attacks by default, but changes to the configuration or newmodifications of the attack might make the network and hosts vulnerable
I Hope i answered your question