Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

How to protect against ICMP attacks from a vendor-specific perspective especially Cisco and What are their types?

ICMP is a protocol used for network maintenance stuff but can be used maliciously by sick folks.

user-image
Question added by Ahmad Yassein , Infrastructure Network Manager , Ministry of International Cooperation (MIC)
Date Posted: 2013/11/12
Daoud Daoud
by Daoud Daoud , Information Technology Operations Team Lead , Hikma Pharmaceuticals - Jordan

Smurf

Explanation:

Smurf is a non-OS specific attack that uses a third-party’s network segment tooverwhelm a host with a flood of Internet Control Message Protocol (ICMP) packets.As shown in Exhibit3-3, three parties are involved: the attacker, an intermediarynetwork (preferably, with numerous hosts), and the victim (typically, a computer orrouter on the Internet).1 The hacker sends a ping (echo-request) packet to the intermediary network’sbroadcast address. The packet’s source IP address is faked to be that of thevictim system.2 The ping was sent to the broadcast address of the intermediary network, so everyhost on that subnet replies to the victim’s IP address.3 The third-party’s hosts unwittingly deluge the victim with ping packets.Using this technique, the hacker cannot only overwhelm the computer system receivingthe flood of echo packets, but can also saturate the victim’s Internet connection withbogus traffic and therefore delay or prevent legitimate traffic from reaching itsdestination..

Countermeasures

Protective measures against Smurf attacks can be placed in the network or on individualhosts.• Configure routers to drop ICMP messages from outside the network with adestination of an internal broadcast or multicast address.• Configure hosts to ignore echo requests directed to their subnet broadcastaddress.Most current router and desktop operating systems have protection in place to guardagainst well-known Smurf attacks by default, but changes to the configuration or newmodifications of the attack might make the network and hosts vulnerable

 

I Hope i answered your question

More Questions Like This