A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS), in which attackers use publicly accessible open DNS servers to flood a target system with DNS response traffic. The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is sent instead to the target. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect.

In most attacks of this type observed by US-CERT, the spoofed queries sent by the attacker are of the type, “ANY,” which returns all known information about a DNS zone in a single request.

Because the size of the response is considerably larger than the request, the attacker is able to increase the amount of traffic directed at the victim.

By leveraging a botnet to produce a large number of spoofed DNS queries, an attacker can create an immense amount of traffic with little effort.

Additionally, because the responses are legitimate data coming from valid servers, it is extremely difficult to prevent these types of attacks.

A Smurf attack is a form of a DDoS attack that causes a packet flood on the victim by exploiting/abusing the ICMP protocol. When deployed, large packets are created using a technique called “spoofing”. The phony source address that is now attached to these packets becomes the victim, as their IP is flooded with traffic. The intended result is to slow down the target’s system to the point that it is inoperable and vulnerable. The Smurf DDoS Attack took its name from an exploit tool called Smurf widely used back in the 1990s. The small ICMP packet generated by the tool causes big trouble for a victim, hence the name Smurf.
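For the DNS amplification pattern described above, a resolver operator can look for it in their own query logs: one source address issuing almost only “ANY” queries and drawing responses far larger than its requests. The following is an added example, not code from the original page; the five-field log format, the sample records and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of resolver query-log records (not real traffic).
# Assumed format: source-IP  qtype  qname  query-bytes  response-bytes
SAMPLE_LOG = """\
203.0.113.9 ANY example.test 64 3180
203.0.113.9 ANY example.test 64 3180
203.0.113.9 ANY example.test 64 3180
203.0.113.9 ANY example.test 64 3180
198.51.100.20 A www.example.test 60 76
198.51.100.20 AAAA www.example.test 60 88
198.51.100.20 ANY example.test 64 3180
198.51.100.21 MX example.test 58 120
truncated record
"""

def summarize(log_text):
    """Aggregate per source address: query count, ANY count, bytes in and out."""
    stats = defaultdict(lambda: {"queries": 0, "any": 0, "bytes_in": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        src, qtype, _qname, q_bytes, r_bytes = fields
        try:
            q_len, r_len = int(q_bytes), int(r_bytes)
        except ValueError:
            continue  # skip records with non-numeric sizes
        entry = stats[src]
        entry["queries"] += 1
        entry["any"] += qtype.upper() == "ANY"
        entry["bytes_in"] += q_len
        entry["bytes_out"] += r_len
    return dict(stats)

def flag_reflection(log_text, min_queries=3, min_any_share=0.8, min_factor=10.0):
    """Return {source: amplification factor} for sources that look like spoofed targets.

    A flagged source is most likely the victim's address, not the attacker's.
    Thresholds are illustrative assumptions; tune them against normal traffic.
    """
    flagged = {}
    for src, s in summarize(log_text).items():
        if s["queries"] < min_queries or s["bytes_in"] == 0:
            continue
        factor = s["bytes_out"] / s["bytes_in"]   # response bytes per request byte
        any_share = s["any"] / s["queries"]       # fraction of queries of type ANY
        if any_share >= min_any_share and factor >= min_factor:
            flagged[src] = round(factor, 1)
    return flagged
```

Addresses returned by `flag_reflection` are candidates for response rate limiting on the resolver, since the traffic sent toward them is what reaches the victim.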