The Smurf attack is a type of denial-of-service attack that floods a network using spoofed broadcast ping messages. The attacker sends a large amount of ping requests to a router or server, but spoofs (fakes) the sending IP address, so the servers start sending messages back and forth, flooding the network with requests. They multiply the damage by using a broadcast ping, which requires sending a reply back to every server on the network–and when there are many servers sending messages to every server, the network quickly overloads.
The name “Smurf” comes from the name of one of the hacker applications used to start the attacks. Thankfully these attacks are easily preventable, and aren’t a problem anymore, because routers are usually configured not to forward those types of packets, and many networks configure their servers to ignore ping requests.
- By Lowell Heddings on 09/5/12