Smurf Attack, Land Attack – Allied Telesis AT-S63 User Manual
Page 381

AT-S63 Management Software Menus Interface User’s Guide
Section II: Advanced Operations
Smurf Attack
This DoS attack is instigated by an attacker sending an ICMP Echo (Ping) 
request containing the network’s IP broadcast address as the destination 
address and the address of the victim as the source of the ICMP Echo 
(Ping) request. This overwhelms the victim with a large number of ICMP 
Echo (Ping) replies from the other network nodes.
A switch port defends against this form of attack by examining the 
destination IP addresses of ingress ICMP Echo (Ping) request packets 
and discarding those that contain the network’s IP broadcast address as a 
destination address.
Implementing this defense requires an IP address of a node on your 
network and a mask. The switch uses the two to determine the broadcast 
address of your network.
This defense mechanism does not involve the switch’s CPU. You can 
activate it on as many ports as you want without having it negatively 
impact switch performance.
Land Attack
In this attack, an attacker sends a bogus IP packet where the source and 
destination IP addresses are the same. This leaves the victim thinking that 
it is sending a message to itself.
The most direct approach for defending against this form of attack is for 
the AT-S63 management software to check the source and destination IP 
addresses in the IP packets, searching for and discarding those with 
identical source and destination addresses. But this would require too 
much processing by the switch’s CPU and would adversely impact switch 
performance.
Instead, the switch examines the IP packets that are entering and leaving 
your network. IP packets generated within your network and containing a 
local IP address as the destination address are not allowed to leave the 
network, and IP packets generated outside the network but containing a 
local IP address as the source address are not allowed into the network.
In order for this defense mechanism to work, you need to specify an uplink 
port. This is the port on the switch that is connected to a device, such as a 
DSL router, that leads outside your network. You can specify only one 
uplink port.
Note
If the switch is not connected to a device that leads outside your 
network, you should not use this defense mechanism.
You also need to enter the IP address of one of your network devices as 
well as a mask, which the switch uses to differentiate between the network 
portion and node portion of the address. The switch uses the IP address 
and mask to determine which IP addresses are local to your network and 
which are from outside your network.
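The following is an added illustration of the two filtering rules described in the Smurf Attack and Land Attack sections above; it is not Allied Telesis code and does not reflect how the AT-S63 implements them in hardware. It assumes only what the manual requires: a node IP address plus mask (from which the network and its broadcast address are derived) and, for the Land defense, a single designated uplink port. The Packet records, the 192.168.10.0/24 network and port numbers are constructed sample data.

```python
"""Model of the AT-S63 Smurf and Land defenses described in the manual.

Added illustration, not Allied Telesis code. Assumptions: a node IP plus
mask is configured, one uplink port is designated for the Land defense,
and packets are represented by the constructed Packet records below.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of an IPv4 packet as the filters need it (constructed)."""
    src: str            # source IPv4 address
    dst: str            # destination IPv4 address
    icmp_echo: bool     # True if this is an ICMP Echo (Ping) request
    ingress_port: int   # switch port the packet arrived on
    egress_port: int    # switch port the packet leaves on (0 = flooded)


def local_network(node_ip: str, mask: str) -> ipaddress.IPv4Network:
    """Derive the local network from any node address and its mask,
    the two inputs the manual says the switch needs."""
    return ipaddress.IPv4Network(f"{node_ip}/{mask}", strict=False)


def broadcast_address(node_ip: str, mask: str) -> str:
    """The directed broadcast address the Smurf filter matches on."""
    return str(local_network(node_ip, mask).broadcast_address)


def smurf_drop(pkt: Packet, node_ip: str, mask: str) -> bool:
    """Smurf defense: discard ingress ICMP Echo requests addressed to the
    network's broadcast address. Only the destination is inspected, so
    this is a stateless per-port check, which is why the manual says it
    does not involve the CPU. Echo requests to unicast hosts pass."""
    return pkt.icmp_echo and pkt.dst == broadcast_address(node_ip, mask)


def land_drop(pkt: Packet, node_ip: str, mask: str, uplink_port: int) -> bool:
    """Land defense as the manual describes it: rather than comparing src
    and dst on every packet, police the network boundary.
      - a packet entering from the uplink must not carry a local source
      - a packet leaving via the uplink must not carry a local destination
    A Land packet (src == dst == victim) arriving from outside therefore
    fails the first rule; purely internal traffic is never examined."""
    net = local_network(node_ip, mask)
    src_local = ipaddress.IPv4Address(pkt.src) in net
    dst_local = ipaddress.IPv4Address(pkt.dst) in net
    if pkt.ingress_port == uplink_port and src_local:
        return True
    if pkt.egress_port == uplink_port and dst_local:
        return True
    return False


# Constructed sample configuration: network 192.168.10.0/24, uplink port 24.
NODE_IP = "192.168.10.5"
MASK = "255.255.255.0"
UPLINK = 24

# Constructed sample traffic.
SAMPLE = [
    # Smurf: echo request to the directed broadcast, victim as source
    Packet("192.168.10.50", "192.168.10.255", True, 3, 0),
    # ordinary ping to a single host
    Packet("192.168.10.50", "192.168.10.7", True, 3, 5),
    # Land: spoofed local address as both src and dst, arriving from outside
    Packet("192.168.10.7", "192.168.10.7", False, 24, 5),
    # legitimate outbound traffic
    Packet("192.168.10.7", "203.0.113.9", False, 5, 24),
    # legitimate reply coming back in
    Packet("203.0.113.9", "192.168.10.7", False, 24, 5),
]


def classify(packets: List[Packet]) -> List[Tuple[str, bool]]:
    """Apply both defenses; return (reason, dropped) for each packet."""
    verdicts = []
    for pkt in packets:
        if smurf_drop(pkt, NODE_IP, MASK):
            verdicts.append(("smurf", True))
        elif land_drop(pkt, NODE_IP, MASK, UPLINK):
            verdicts.append(("land", True))
        else:
            verdicts.append(("ok", False))
    return verdicts


if __name__ == "__main__":
    for pkt, (reason, dropped) in zip(SAMPLE, classify(SAMPLE)):
        print(f"{pkt.src:>15} -> {pkt.dst:<15} "
              f"port {pkt.ingress_port:>2}->{pkt.egress_port:<2} "
              f"{'DROP' if dropped else 'pass'} ({reason})")
```

Note that the Land rule only protects the boundary at the configured uplink: a spoofed packet injected on an internal port is not examined, which matches the manual's statement that packets generated within the network are only checked when they try to leave.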
