Smurfing

Craig A. Huegen chuegen at quadrunner.com
Sat Feb 14 06:57:30 UTC 1998


On Sat, 14 Feb 1998, William Allen Simpson wrote:

==>Wow, I was glad to see that all these wonderful folks are reading the
==>router requirements (RFC-1812, June 1995).  Good, good.
==>
==>What I'd like to understand is how smurf attacks can work, even with
==>directed broadcast on?  Isn't there a requirement (RFC-1122) from ages
==>past (October 1989) that ICMP not respond to broadcast or multicast
==>[page 38 et seq]?

Nope.  RFC 1122[1] says (also in my paper =):

---
   An ICMP Echo Request destined to an IP broadcast or IP
   multicast address MAY be silently discarded.

   DISCUSSION: 
      This neutral provision results from a passionate debate
      between those who feel that ICMP Echo to a broadcast
      address provides a valuable diagnostic capability and
      those who feel that misuse of this feature can too
      easily create packet storms.
---

Most stack implementors have chosen to respond to it because of its
troubleshooting value; then again, the date of the RFC shows why many
folks would tend to believe the threat of the attack wouldn't be very
large.

/cah

[1] RFC-1122, "Requirements for Internet Hosts - Communication Layers";
    R.T. Braden; October 1989.
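
An added example, not part of the original post and not taken from any stack's source: a host-side decision that takes up the RFC 1122 "MAY" by silently discarding ICMP Echo Requests addressed to a broadcast or multicast address. The interface address, function names and sample destinations are assumptions constructed for illustration.

```python
import ipaddress

# Constructed interface configuration (assumption, not from the post).
LOCAL_IFACES = [ipaddress.ip_interface("192.0.2.10/24")]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_broadcast_or_multicast(dst, ifaces=LOCAL_IFACES):
    """True if dst is the limited broadcast, a directed broadcast for an
    attached subnet, or an IP multicast address."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST or addr.is_multicast:
        return True
    for iface in ifaces:
        net = iface.network
        # /31 and /32 networks have no broadcast address.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return True
    return False


def handle_echo_request(dst, ignore_broadcasts=True, ifaces=LOCAL_IFACES):
    """Decide what to do with an ICMP Echo Request the host has received.

    ignore_broadcasts=True  -> take the RFC 1122 option to discard silently.
    ignore_broadcasts=False -> answer, as the post says most stacks chose to.
    """
    if ignore_broadcasts and is_broadcast_or_multicast(dst, ifaces):
        return "discard"
    return "reply"


if __name__ == "__main__":
    # Constructed sample destinations.
    for dst in ("192.0.2.10", "192.0.2.255", "255.255.255.255", "224.0.0.1"):
        print(f"{dst:16} permissive={handle_echo_request(dst, False):8}"
              f" hardened={handle_echo_request(dst, True)}")
```

Linux exposes the same host-side choice as the `net.ipv4.icmp_echo_ignore_broadcasts` sysctl.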



