Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
First iPhone worm spreads Rick Astley wallpaper
Four reasons to buy (and one reason to avoid) the Droid
Stimulus for tech and telecom $3B, but jobs still guesswork
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
Applications /

Don't smurf me up

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Joel Snyder
Network World on Groupware and Messaging, 01/06/99

Hot new URL of the week: www.netscan.org/. These folks have been up late putting together a software package to check the Internet for "smurf amplifiers." Go there, put in your network number, and find out if you're being naughty or nice.

Smurf, for those of you who think of it as a particularly nauseating blue cartoon character, has a whole new meaning on the Internet. "Smurfing" is one of the meanest denial-of-service attacks out there. Essentially, an attacker sends a packet to an innocent third party (the "smurf amplifier") who then multiplies it 50, 100, or even 1000 times and send the packet on to the victim. That's the non-technical summary in 20 words or less; if you want the real technical description (and you should!), go to the Netscan WWW site where they have a lot of pointers and information about directed broadcast attacks.

A particularly nasty thing about the smurf attack (named after the original tool to launch the attack) is that it's very difficult to trace. In fact, networks which amplify smurf attacks do so because their administrators are not 100% on the ball; these are the administrators who are least likely to have the necessary technical expertise to trace the attack back to the originator.

The worst thing about smurfs is that ISPs are turning off "ping" packets (which are a vital part of smurf's workings) at their upstream feed to immunize themselves. When they do that, one more useful tool for debugging network connectivity is taken from us.

Some folks have already tried to take advantage of the smurf opportunity. Last summer, Andrew Shoemaker (using the e-mail address wrath@jerky.net) embarked on a similar project: finding networks that amplify smurfs. Except that instead of the netscan.org approach, he demanded $100 to fix your routers. Nice money, if you can get it, for information that's available for free on the Internet.

If the netscan.org people are successful, network managers will stop amplifying smurfs, and we can have ping back. Maybe. Do your part ... fix your network.

RELATED LINKS

Joel Snyder is a senior partner with Opus One, a consulting firm in Tucson, Arizona. He spends most of his time on the road helping people build larger, faster, better, and more reliable networks. His professional travels have taken him from San Francisco to St. Petersburg, where he always carries his trusty Macintosh and modem, neither of which have cute names. He is also a member of the Network World Test Alliance and writes extensively on networking topics. Reach him at joel.snyder@opus1.com.

Craig Huegen's smurf/fraggle information page

The IETF RFC on general IP address spoofing DoS attacks, of which smurf is one example

Quick update: Eddie Rabinovitch read the recent newsletter on the science of fighting spam and sent in this URL to a recent IEEE Communications article he wrote on "Dealing with Internet Spam."

Archive of Network World on Groupware and Messaging newsletters


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.