ICMP: Smurf DoS

This protocol anomaly is an ICMP packet sent to a destination IP of 255.255.255.255 or to the broadcast MAC address (ff:ff:ff:ff:ff:ff). Because this is a broadcast packet, all hosts in the broadcast segment reply to the sender, causing a denial-of-service (DoS) on the network. Attackers typically spoof the source IP of the packet to generate this attack.

Extended Description

The "Smurf" denial of service exploits the existence, and forwarding, of packets sent to IP broadcast addresses. The attacker creates an ICMP echo request packet with the source address set to an IP within the network to be attacked and the destination address set to the IP broadcast address of a network that will forward and respond to ICMP echo packets sent to broadcast. Each packet sent into the network being used to conduct the attack will be answered by every machine that responds to ICMP on the broadcast address. Therefore, a single packet can result in an overwhelming number of responses, all of which are directed to the network the attacker has forged as the source. This can result in significant bandwidth loss.
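The match condition described above, written out as detection logic. This is an added example, not the signature's own implementation; it assumes untagged Ethernet II frames, and the function names, result labels and sample addresses are constructed for illustration. Because the source address is normally forged, the source IP is reported as the likely victim, not as the sender.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff" * 6
BROADCAST_IP = b"\xff" * 4          # 255.255.255.255
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1

def smurf_anomaly(frame: bytes):
    """Return (reason, likely_victim_ip) if the frame matches the anomaly, else None."""
    if len(frame) < 14 + 20:                      # Ethernet header + minimal IPv4 header
        return None
    dst_mac = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:               # assumption: no 802.1Q tag handling
        return None
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl or ip[9] != IPPROTO_ICMP:
        return None
    victim = str(ipaddress.IPv4Address(ip[12:16]))  # spoofed source = reply target
    if ip[16:20] == BROADCAST_IP:
        return ("icmp-to-broadcast-ip", victim)
    if dst_mac == BROADCAST_MAC:
        return ("icmp-to-broadcast-mac", victim)
    return None

def build_frame(dst_mac: bytes, src_ip: str, dst_ip: str, proto: int = IPPROTO_ICMP) -> bytes:
    """Constructed sample: Ethernet II + 20-byte IPv4 header + 8-byte payload.
    Checksums are left at zero because the detector does not validate them."""
    eth = dst_mac + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                        ipaddress.IPv4Address(src_ip).packed,
                        ipaddress.IPv4Address(dst_ip).packed)
    payload = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # shaped like an ICMP echo request
    return eth + iphdr + payload

UNICAST_MAC = bytes.fromhex("020000000002")
SAMPLES = {   # constructed frames using documentation address ranges
    "ip_broadcast": build_frame(BROADCAST_MAC, "192.0.2.10", "255.255.255.255"),
    "mac_broadcast": build_frame(BROADCAST_MAC, "192.0.2.10", "198.51.100.7"),
    "normal_ping": build_frame(UNICAST_MAC, "192.0.2.10", "198.51.100.7"),
    "udp_broadcast": build_frame(BROADCAST_MAC, "192.0.2.10", "255.255.255.255", proto=17),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {smurf_anomaly(frame)}")
```

Subnet-directed broadcast destinations (for example the last address of a /24) are not covered by this check, since recognising them requires knowing the local prefix lengths.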

Affected Products

Digital UNIX

Short Name
ICMP:EXPLOIT:LAN-SMURF
Severity
Major
Recommended
False
Recommended Action
None
Category
ICMP
Keywords
CA-1998-01 CVE-1999-0513 bid:147 icmp lan smurf
Release Date
01/29/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

IBM

Sun

HP

Digital

FreeBSD

Linux

NetBSD

CVSS Score

5.0
