DefenseArk #ThreatIntelThursday | Smurf Attacks

Sarah King
Published in OpenAVN
3 min read · Oct 28, 2021
Week 39: Smurf Attacks

This article is part of #ThreatIntelThursday @OpenAVN, an ongoing series that offers readers authoritative, but easily digestible, information about different malware, how they might be vulnerable to attacks, and what they can do to protect themselves. To read past Threat Intel Thursdays articles, click here. (We suggest starting from Week 1: Malware.)

Smurf Attacks

Smurf attacks use the Internet Control Message Protocol (ICMP), used by common network utilities such as ping and traceroute, to perform a [distributed] denial of service attack on the target system or network. In a Smurf attack, the attacker sends a directed broadcast ICMP echo request, i.e. a ping packet addressed to an entire network of dozens, hundreds, or even thousands of hosts (networked systems), with a spoofed IP (network) source address. The directed broadcast is a single packet that uses the broadcast address of the intermediary network as its destination, which causes that intermediary network to send many, many more ICMP echo response packets in response to a single ICMP echo request. Because the spoofed source address is the target's, every one of those responses is delivered to the target.

Smurf attacks get their name from — you guessed it! — the animated blue creatures we all know and love. Because this type of attack involves a swarm of small messages being sent out all at once, it was called a “smurf attack,” putting computer users in mind of seemingly-innocent creatures that can cause great harm when attacking en masse.

Fraggle Attacks

Fraggle attacks work similarly to Smurf attacks, except that Fraggle attacks send User Datagram Protocol (UDP) packets to the directed broadcast address rather than ICMP packets.

Amplification Attack

Smurf attacks are a form of distributed denial of service (DDoS) attack in that the attack uses multiple (intermediary) systems to send traffic to the target system simultaneously, inundating that target host with more traffic than it can handle. Because the attacker’s system transmits a single packet and the target receives many, many more packets, Smurf attacks are known as amplification attacks.
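Seen from the intermediary network, the pattern described above is detectable. The following is an added example, not part of the original article: it scans constructed packet summaries for an ICMP echo request sent to a local subnet's directed broadcast address and counts the local hosts that answered the claimed source. The subnets, addresses, function name and one-second window are assumptions made for illustration.

```python
import ipaddress

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Assumed inventory of the subnets behind the monitored router (constructed).
LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/28"),
                 ipaddress.ip_network("198.51.100.0/24")]

# Constructed packet summaries: (seconds, source, destination, ICMP type).
SAMPLE_PACKETS = [
    (0.00, "203.0.113.50", "198.51.100.20", ECHO_REQUEST),  # ordinary unicast ping
    (0.01, "198.51.100.20", "203.0.113.50", ECHO_REPLY),
    (5.00, "203.0.113.9", "192.0.2.15", ECHO_REQUEST),      # to the /28 broadcast
    (5.01, "192.0.2.1", "203.0.113.9", ECHO_REPLY),
    (5.01, "192.0.2.2", "203.0.113.9", ECHO_REPLY),
    (5.02, "192.0.2.3", "203.0.113.9", ECHO_REPLY),
    (5.02, "192.0.2.5", "203.0.113.9", ECHO_REPLY),
]


def find_directed_broadcast_pings(packets, subnets=LOCAL_SUBNETS, window=1.0):
    """Report echo requests sent to a local directed broadcast address,
    with the number of local hosts that answered the claimed source."""
    broadcasts = {net.broadcast_address: net for net in subnets}
    findings = []
    for ts, src, dst, icmp_type in packets:
        net = broadcasts.get(ipaddress.ip_address(dst))
        if icmp_type != ECHO_REQUEST or net is None:
            continue
        # Replies from inside that subnet to the request's source address,
        # seen within `window` seconds of the request.
        responders = {
            r_src for r_ts, r_src, r_dst, r_type in packets
            if r_type == ECHO_REPLY and r_dst == src
            and ipaddress.ip_address(r_src) in net
            and ts <= r_ts <= ts + window
        }
        findings.append({
            "claimed_source": src,          # likely the spoofed victim
            "network": str(net),
            "responders": len(responders),  # replies per request = amplification
        })
    return findings


if __name__ == "__main__":
    for finding in find_directed_broadcast_pings(SAMPLE_PACKETS):
        print(finding)
```

A finding with more than one responder means the router forwarded the directed broadcast, which is the condition the Vulnerability section says modern defaults prevent.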

Vulnerability

Most networks would not be vulnerable to Smurf attacks or Fraggle attacks because all routers produced in the twenty-first century, by default, do not forward traffic based on a directed broadcast address.

BrightScan has been optimized for Windows 7, for just this reason. We recognize that while technology is evolving faster than ever, many small businesses and enterprises have difficulty turning over their computer network at the current rate, leaving their legacy machines vulnerable to cyber attacks. While we may think of “vintage” threats like teardrop attacks as a thing of the past, it’s important to remember that legacy machines can still be vulnerable, and to look for an endpoint protection platform that keeps you protected no matter what.

Contact our Head of Sales, Jourdan Parkinson, to schedule a free demo of our cloud-based EPP, BrightScan, or just to chat about how our products can work for you.

For more of the latest in cybersecurity, subscribe to DefenseArk’s blog right here on Medium. In addition to Threat-Intel Thursdays, we also write about breaking news, thought leadership, and deep-dives into cyber intel.

About the Author: Ted Udelson, PMP, CISSP, Security+, Network+, A+ is the chief learning officer and cofounder of Succinctive Training, LLC. Ted is also the author of “The Complete, Compact CISSP Study Program: How to Pass the Damn Exam!” Ted brings his over 35 years of experience in information security and technology to inform his writing for #threatintelthursday.
