A smurf attack is a Distributed Denial of Service (DDoS) attack in which a server in a client-server architecture becomes unable to process requests from legitimate users. The server is unavailable chiefly because it is swamped by a large volume of traffic generated by an attacker. In a smurf attack, the attacker takes advantage of weaknesses in the ICMP protocol and uses an IP broadcast network to flood the target device with a large number of packets.
Every device that connects to the internet has a unique IP address. This address is essential for communication over the internet: it identifies the final destination of the packets that are sent. In a smurf attack, the attacker spoofs (copies) the address of the victim's system using smurf malware and sends an ICMP echo request to a router that supports IP broadcasting.
How does a Smurf attack work?
Because of IP broadcasting, every device connected to the router receives the ICMP ping. Each of those devices then sends a reply (an ICMP echo reply) to the address it received the ping from, which is the spoofed address of the victim. The victim's system is therefore flooded with replies from many hosts at once, and because of this distributed flood the victim server can no longer respond to requests from legitimate clients. The attack takes its name from the Smurfs comics, in which a large number of small characters overwhelm a bigger opponent. This attack vector is generally considered a solved vulnerability and is no longer prevalent.
How to protect yourself from the attack?
To prevent your network from being used as an amplifier in a smurf attack, disable IP-directed broadcasts on your router. In addition, configure hosts and routers so that they do not respond to ICMP echo requests sent to IP broadcast addresses.
Another way to protect servers is to reconfigure the perimeter firewall to block pings (ICMP echo requests) originating from outside the network.
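As an added example (not code from the original article), the following Python script shows how a defender could spot the two sides of the attack described above and verify one of the mitigations: echo requests aimed at a LAN's directed-broadcast address (the amplifier side), a burst of echo replies from many hosts converging on one victim (the victim side), and whether a Linux host has the kernel setting that ignores broadcast pings. The traffic records, the 192.0.2.0/24 LAN, the victim 198.51.100.7 and the sysctl text are all constructed sample data.

```python
from collections import defaultdict
from ipaddress import IPv4Address, IPv4Network

# Constructed sample traffic records: (seconds, source, destination, icmp_type),
# where ICMP type 8 is an echo request and type 0 an echo reply.
# Hypothetical amplifier LAN 192.0.2.0/24 (directed broadcast 192.0.2.255) and
# hypothetical victim 198.51.100.7; both are documentation ranges, not real hosts.
LAN = IPv4Network("192.0.2.0/24")
SAMPLE = [
    (0.00, "198.51.100.7", "192.0.2.255", 8),  # spoofed request to the broadcast address
    (0.01, "192.0.2.10", "198.51.100.7", 0),   # amplified replies converge on the victim
    (0.01, "192.0.2.11", "198.51.100.7", 0),
    (0.02, "192.0.2.12", "198.51.100.7", 0),
    (0.02, "192.0.2.13", "198.51.100.7", 0),
    (0.03, "192.0.2.14", "198.51.100.7", 0),
    (0.50, "192.0.2.20", "192.0.2.30", 8),     # ordinary host-to-host ping
    (0.51, "192.0.2.30", "192.0.2.20", 0),     # its single reply: not a flood
]

def find_broadcast_pings(records, lan):
    """Amplifier-side check: echo requests addressed to the LAN broadcast address.
    A router with directed broadcasts disabled should never forward these."""
    return [r for r in records
            if r[3] == 8 and IPv4Address(r[2]) == lan.broadcast_address]

def find_reply_floods(records, window=1.0, min_sources=3):
    """Victim-side check: one destination receiving echo replies from at least
    min_sources distinct hosts inside a single time window of `window` seconds."""
    senders = defaultdict(set)  # (destination, time bucket) -> set of reply sources
    for ts, src, dst, icmp_type in records:
        if icmp_type == 0:
            senders[(dst, int(ts // window))].add(src)
    return sorted({dst for (dst, _), s in senders.items() if len(s) >= min_sources})

def broadcast_echo_ignored(sysctl_output):
    """Mitigation check for Linux hosts on the LAN: parse `sysctl -a`-style text
    and report whether net.ipv4.icmp_echo_ignore_broadcasts is set to 1."""
    for line in sysctl_output.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "net.ipv4.icmp_echo_ignore_broadcasts":
            return value.strip() == "1"
    return False  # key absent: treat the host as not hardened

if __name__ == "__main__":
    print("broadcast pings:", find_broadcast_pings(SAMPLE, LAN))
    print("flooded hosts:", find_reply_floods(SAMPLE))
```

The thresholds (one-second window, three distinct reply sources) are illustrative; tune them to the normal ICMP volume of the network being monitored.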