Friday, May 11, 2018

How to prevent a Smurf attack


What is a Smurf attack?

A Smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping messages. This creates high computer network traffic on the victim’s network, overwhelming the target.

The intended result is to slow down the target’s system to the point that it is inoperable and vulnerable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

How does it work?

It's possible to accidentally download the Smurf Trojan from an unverified website or via an infected email link. Usually, the program will remain dormant on a computer until activated by a remote user.
Smurf attacks target a router that interacts with a high number of devices.

The attacker then sends large ICMP requests to the router, causing the connected devices to respond to the ping. The spoofed IP address attached to these packets is forced to absorb the echoes that result from the connected devices responding to the ping.

Any device connected to this router that is configured to respond to the ping will be unable to recognize the spoofed IP addresses.

Hackers gain access to the systems that are connected to their original target, slowing down a larger subset of the - this would not be possible by attacking just one victim.




How to prevent a Smurf attack?

Dealing with Smurf and similar DDoS attacks requires a prevention strategy that can monitor network traffic and detect any oddities, for example in packet volume, behavior and signature. The right security service can help shut down a Smurf or other DDoS attack before it begins.

Therefore, you should install antivirus and anti-malware protection in good time to effectively prevent all types of attacks.

You can protect yourself from a Smurf attack by blocking directed broadcast traffic that is coming into the network.

You should also disable IP broadcast addressing at each network router since it is seldom used. Make sure to configure hosts and routers not to respond to ICMP echo requests.
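The two checks described above, as an added example that is not part of the original post: recognising a directed-broadcast destination that the edge should drop, and spotting echo replies sent to a host that never asked for them. The subnets, the packet records, the function names and the threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Assumed internal subnets (constructed, from the RFC 5737 documentation range).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "192.0.2.128/26")]


def is_directed_broadcast(dst, nets=INTERNAL_NETS):
    """True if dst is the broadcast address of one of our subnets.

    A packet arriving from outside with such a destination is the directed
    broadcast traffic the edge router should drop.
    """
    addr = ipaddress.ip_address(dst)
    # /31 and /32 prefixes have no broadcast address, so skip them.
    return any(n.prefixlen < 31 and addr == n.broadcast_address for n in nets)


def unsolicited_reply_targets(packets, threshold=3):
    """Map each host to the number of distinct senders of echo replies it never asked for.

    packets: iterable of (src, dst, icmp_type) in capture order.
    threshold is an assumed tuning value, not a standard.
    """
    requested = set()               # (requester, target) pairs seen as echo requests
    reflectors = defaultdict(set)   # victim -> hosts replying without a request
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            reflectors[dst].add(src)
    return {v: len(s) for v, s in reflectors.items() if len(s) >= threshold}


# Constructed capture at a victim's network edge: one normal ping exchange,
# then echo replies from four hosts to an address that sent no request.
SAMPLE_PACKETS = [
    ("203.0.113.9", "198.51.100.10", ECHO_REQUEST),
    ("198.51.100.10", "203.0.113.9", ECHO_REPLY),
] + [(f"198.51.100.{h}", "203.0.113.5", ECHO_REPLY) for h in (10, 11, 12, 13)]

if __name__ == "__main__":
    print(is_directed_broadcast("192.0.2.127"), is_directed_broadcast("192.0.2.255"))
    print(unsolicited_reply_targets(SAMPLE_PACKETS))
```

With these subnets the broadcast addresses end in .127 and .191, not .255, which is why the filter has to be derived from the actual prefix lengths.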


Stay safe with Zemana :)



