Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
Four crazy tech ideas from Google's Solve for X project
Obama 2012 campaign playlist revealed courtesy of Spotify
Oracle buying Taleo for US$1.9 billion in direct hit at SAP
Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
Pre-rendered pages highlight latest Google Chrome release
Microsoft exec: Lync-Skype integration a 'compelling opportunity'
The future of hypervisors
/

Don't smurf me up

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Joel Snyder
Network World on Groupware and Messaging, 01/06/99

Hot new URL of the week: www.netscan.org/. These folks have been up late putting together a software package to check the Internet for "smurf amplifiers." Go there, put in your network number, and find out if you're being naughty or nice.

Smurf, for those of you who think of it as a particularly nauseating blue cartoon character, has a whole new meaning on the Internet. "Smurfing" is one of the meanest denial-of-service attacks out there. Essentially, an attacker sends a packet to an innocent third party (the "smurf amplifier") who then multiplies it 50, 100, or even 1000 times and send the packet on to the victim. That's the non-technical summary in 20 words or less; if you want the real technical description (and you should!), go to the Netscan WWW site where they have a lot of pointers and information about directed broadcast attacks.

A particularly nasty thing about the smurf attack (named after the original tool to launch the attack) is that it's very difficult to trace. In fact, networks which amplify smurf attacks do so because their administrators are not 100% on the ball; these are the administrators who are least likely to have the necessary technical expertise to trace the attack back to the originator.

The worst thing about smurfs is that ISPs are turning off "ping" packets (which are a vital part of smurf's workings) at their upstream feed to immunize themselves. When they do that, one more useful tool for debugging network connectivity is taken from us.

Some folks have already tried to take advantage of the smurf opportunity. Last summer, Andrew Shoemaker (using the e-mail address wrath@jerky.net) embarked on a similar project: finding networks that amplify smurfs. Except that instead of the netscan.org approach, he demanded $100 to fix your routers. Nice money, if you can get it, for information that's available for free on the Internet.

If the netscan.org people are successful, network managers will stop amplifying smurfs, and we can have ping back. Maybe. Do your part ... fix your network.

RELATED LINKS

Joel Snyder is a senior partner with Opus One, a consulting firm in Tucson, Arizona. He spends most of his time on the road helping people build larger, faster, better, and more reliable networks. His professional travels have taken him from San Francisco to St. Petersburg, where he always carries his trusty Macintosh and modem, neither of which have cute names. He is also a member of the Network World Test Alliance and writes extensively on networking topics. Reach him at joel.snyder@opus1.com.

Craig Huegen's smurf/fraggle information page

The IETF RFC on general IP address spoofing DoS attacks, of which smurf is one example

Quick update: Eddie Rabinovitch read the recent newsletter on the science of fighting spam and sent in this URL to a recent IEEE Communications article he wrote on "Dealing with Internet Spam."

Archive of Network World on Groupware and Messaging newsletters


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.