mailing list archives
Smurf ,land attacks
From: "charles lindsay" <frostbackeng () lycos com>
Date: Mon, 04 Nov 2002 14:53:05 -0500
Sorry if this is a duplicate -- webmail burped...
SMURF: use an intermediary to flood your victim. Spoof the victim's address and send an ICMP Ping (Echo Request) to a
subnet broadcast address. Each device on the subnet will respond back to what they think is the sender (the victim)
with an ICMP ECHO Reply, flooding the victim.
LAND: set the source and destination IP address (on any packet) both to the victim's IP address. This used to kill
some machines a long time ago (they'd try to send a response to themselves, and either burn a lot of cycles or end up
in a nice tight death spiral).
Spoof: really a technique used in an attack, rather than an attack in itself. The idea is to use a different IP
address than the one assigned to your computer in the source address field of an IP packet you send. So both LAND
and SMURF use spoofing. Another example would be the typical TCP SYN Flood: send a TCP SYN to the victim with a faked
IP address (preferably one that was not assigned, or would not respond). The victim allocates a bunch of memory, sends
back a SYN-ACK, and waits for the ACK that never comes.
LAND isn't particularly effective anymore. SMURF and SYN-Flood are still, because there are lots of machines/subnets
out there that will participate in the attacks. Multiply a SMURF/SYNFlood by several million, mix well, instant DoS.
Multiply by a thousand slaves, and you have a DDoS.
Can someone give the EXACT differences btw
and IP soofing attacks.
Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.