Another common DoS technique is the Smurf attack. It first appeared in early 1998. Unlike the TCP flooding attack mentioned in the previous article, it does not take advantage of the TCP/IP protocol but of the Internet Control Message Protocol (ICMP for short) instead.

A little background knowledge…

To understand more easily how the attack works, a look at ICMP is needed. ICMP was invented for the purpose of error reduction in data transmission. In reality, data is not transferred straight from the source to the destination but is forwarded from one router to another before reaching the final receiver. As a result, data is error-prone and needs ICMP to provide troubleshooting, control and message utilities.

ICMP is often used to test connectivity between devices via the ping command. When computer A pings computer B, it sends B an ICMP packet called an ICMP echo request. B, upon receiving this request, replies to A with another ICMP packet called an ICMP echo reply, which completes the test with a successful result. This is the basic concept.

[Figure: smurf concept]

The more advanced case is sending the ICMP echo request to all computers belonging to a network (computers B, C and D in the picture below) instead of one specific device (computer B in the previous image). This is done by pinging the broadcast address. In this case, it is the address of a router acting as the gateway of the network. In principle, each computer in that network then responds to A with an echo reply.

[Figure: smurf advanced]

So how does Smurf work?

By making use of ICMP, it does the job in three steps.

  • First, the hacker creates many ICMP echo requests that fake the victim’s address as their source. Then, he or she sends them to many broadcast addresses of different networks.

  • As a result, all Internet-connected devices on these networks receive the requests, and consequently each of them sends an ICMP echo reply back to the victim.

  • In the end, the victim faces a massive number of echo replies that can flood the whole system, quickly overloading it and bringing it to a standstill or even crashing it.

[Figure: smurf work]
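Seen from the victim's side, the three steps above show up as echo replies from many hosts that answer no request the victim ever sent. The Python code below is an added example, not part of the original article, that detects this pattern in recorded ICMP traffic; the function name, the thresholds (`min_sources`, `window`) and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed sample, as a sensor on the victim's network might record it:
# (time_s, src_ip, dst_ip, icmp_type, icmp_id, icmp_seq); documentation addresses.
SAMPLE = [
    (0.00, "203.0.113.10", "192.0.2.5", ECHO_REQUEST, 7, 1),    # normal ping
    (0.02, "192.0.2.5", "203.0.113.10", ECHO_REPLY, 7, 1),      # its answer
    (5.00, "198.51.100.2", "203.0.113.10", ECHO_REPLY, 99, 1),  # never requested
    (5.01, "198.51.100.3", "203.0.113.10", ECHO_REPLY, 99, 1),
    (5.02, "198.51.100.4", "203.0.113.10", ECHO_REPLY, 99, 1),
    (9.00, "198.51.100.9", "203.0.113.20", ECHO_REPLY, 5, 1),   # single stray reply
]

def find_reflection_victims(records, min_sources=3, window=1.0):
    """Map each flooded host to the senders of its unsolicited echo replies.

    A host is reported when at least `min_sources` distinct senders deliver
    echo replies it never requested within `window` seconds.
    """
    requested = set()                # (requester, target, id, seq)
    unsolicited = defaultdict(list)  # receiver -> [(time, sender), ...]
    for ts, src, dst, icmp_type, ident, seq in sorted(records):
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst, ident, seq))
        elif icmp_type == ECHO_REPLY and (dst, src, ident, seq) not in requested:
            unsolicited[dst].append((ts, src))

    victims = {}
    for host, events in unsolicited.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the time window
                start += 1
            if len({s for _, s in events[start:end + 1]}) >= min_sources:
                victims[host] = sorted({s for _, s in events})
                break
    return victims

if __name__ == "__main__":
    for host, senders in find_reflection_victims(SAMPLE).items():
        print(f"{host}: unsolicited echo replies from {len(senders)} hosts: {senders}")
```

The legitimate ping at the top of the sample is matched to its request and ignored, and the single stray reply stays below the threshold, so only the host receiving replies from three networks' worth of senders is reported.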

Original author: Doan Thien Phuc


Bùi Quang Điền