Home page logo

basics logo Security Basics mailing list archives

Smurf ,land attacks
From: "charles lindsay" <frostbackeng () lycos com>
Date: Mon, 04 Nov 2002 14:53:05 -0500

Sorry if this is a duplicate -- webmail burped...

SMURF: use an intermediary to flood your victim.  Spoof the victim's address and send an ICMP Ping (Echo Request) to a 
subnet broadcast address.  Each device on the subnet will respond back to what they think is the sender (the victim) 
with an ICMP ECHO Reply, flooding the victim.

LAND: set the source and destination IP address (on any packet) both to the victim's IP address.  This used to kill 
some machines a long time ago (they'd try to send a response to themselves, and either burn a lot of cycles or end up 
in a nice tight death spiral).

Spoof: really a technique used in an attack, rather than an attack in itself.  The idea is to use a different IP 
address than the one assigned to your computer in the source address field of an IP packet you send.    So both LAND 
and SMURF use spoofing.  Another example would be the typical TCP SYN Flood: send a TCP SYN to the victim with a faked 
IP address (preferably one that was not assigned, or would not respond).  The victim allocates a bunch of memory, sends 
back a SYN-ACK, and waits for the ACK that never comes.

LAND isn't particularly effective anymore.  SMURF and SYN-Flood are still, because there are lots of machines/subnets 
out there that will participate in the attacks.  Multiply a SMURF/SYNFlood by several million, mix well, instant DoS.  
Multiply by a thousand slaves, and you have a DDoS.

Hi list,

Can someone give the EXACT differences btw

and IP soofing attacks.


Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]