Protecting against denial of service attacks, Protecting against smurf attacks, Chapter 35 – Brocade BigIron RX Series Configuration Guide User Manual
Page 1155: Protecting, Against denial of service attacks, Chapter
BigIron RX Series Configuration Guide
1077
53-1002484-04
Chapter
35
Protecting Against Denial of Service Attacks
In this chapter
•
•
Protecting against TCP SYN attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1079
•
Displaying statistics due DoS attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1081
•
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal
operation. The BigIron RX includes measures for defending against two types of DoS attacks, Smurf
attacks and TCP SYN attacks.
Protecting against Smurf attacks
A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP
echo (Ping) replies sent from another network.
illustrates how a Smurf attack works.
FIGURE 142
How a Smurf attack floods a victim with ICMP replies
The attacker sends an ICMP echo request packet to the broadcast address of an intermediary
network. The ICMP echo request packet contains the spoofed address of a victim network as its
source. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2
broadcast and sent to the hosts on the intermediary network. The hosts on the intermediary
network then send ICMP replies to the victim network.
2
1
3
Attacker
Intermediary
Victim
Attacker sends ICMP echo requests to
broadcast address on Intermediary’s
network, spoofing Victim’s IP address
as the source
If Intermediary has directed broadcast
forwarding enabled, ICPM echo requests
are broadcast to hosts on Intermediary’s
network
The hosts on Intermediary’s network
send replies to Victim, inundating Victim
with ICPM packets