beautypg.com

Avoiding being an intermediary in a smurf attack, Avoiding being a victim in a smurf attack – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 324

background image

FIGURE 22 How a Smurf attack floods a victim with ICMP replies

The attacker sends an ICMP echo request packet to the broadcast address of an intermediary
network. The ICMP echo request packet contains the spoofed address of a victim network as its
source. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2
broadcast and sent to the hosts on the intermediary network. The hosts on the intermediary network
then send ICMP replies to the victim network.

For each ICMP echo request packet sent by the attacker, a number of ICMP replies equal to the
number of hosts on the intermediary network are sent to the victim. If the attacker generates a large
volume of ICMP echo request packets, and the intermediary network contains a large number of
hosts, the victim can be overwhelmed with ICMP replies.

Avoiding being an intermediary in a Smurf attack

A Smurf attack relies on the intermediary to broadcast ICMP echo request packets to hosts on a target
subnet. When the ICMP echo request packet arrives at the target subnet, it is converted to a Layer 2
broadcast and sent to the connected hosts. This conversion takes place only when directed broadcast
forwarding is enabled on the device.

To avoid being an intermediary in a Smurf attack, make sure forwarding of directed broadcasts is
disabled on the Brocade device. Directed broadcast forwarding is disabled by default. To disable
directed broadcast forwarding, do one of the following.

device(config)#no ip directed-broadcast

Syntax: [no] ip directed-broadcast

Avoiding being a victim in a Smurf attack

You can configure the Brocade device to drop ICMP packets when excessive numbers are
encountered, as is the case when the device is the victim of a Smurf attack. You can set threshold
values for ICMP packets that are targeted at the router itself or passing through an interface, and drop
them when the thresholds are exceeded.

Avoiding being an intermediary in a Smurf attack

324

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: