Table of Contents
Advertisement
Protecting Against Denial of Service Attacks
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal operation. Foundry
devices include measures for defending against two types of DoS attacks: Smurf attacks and TCP SYN attacks.
Protecting Against Smurf Attacks
A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP echo (Ping)
replies sent from another network. Figure A.1 illustrates how a Smurf attack works.
Attacker sends ICMP echo requests to
1
broadcast address on Intermediary's
network, spoofing Victim's IP address
as the source
If Intermediary has directed broadcast
2
forwarding enabled, ICMP echo requests
are broadcast to hosts on Intermediary's
network
Figure A.1
How a Smurf attack floods a victim with ICMP replies
The attacker sends an ICMP echo request packet to the broadcast address of an intermediary network. The ICMP
echo request packet contains the spoofed address of a victim network as its source. When the ICMP echo
request reaches the intermediary network, it is converted to a Layer 2 broadcast and sent to the hosts on the
intermediary network. The hosts on the intermediary network then send ICMP replies to the victim network.
December 2000
Attacker
Intermediary
The hosts on Intermediary's network
3
send replies to Victim,
with ICMP packets
Appendix A
Victim
inundating
Victim
A - 1
- Quick Links:
- Configuring Ip Addresses
Hide quick links:
Advertisement
Chapters
Table of Contents
