Craig A. Huegen
<chuegen@cisco.com>
Smurf Attack Description &
Supression
NANOG 11 4
Multiplied Bandwidth
•Perpetrator
has T1 bandwidth available (typically a cracked account), and uses half of it (768 Kbps) to send spoofed
packets, half to bounce site 1, half
to bounce site 2
•Bounce
site 1 has a switched co-location network of 80 hosts and T3 connection to net
•Bounce
site 2 has a switched co-location network of 100 hosts and T3 connection to net
•(384
Kbps * 80 hosts) = 30 Mbps outbound traffic for bounce site 1
•(384
Kbps * 100 hosts) = 37.5 Mbps outbound traffic for bounce site 2
•Victim is
pounded with 67.5 Mbps (!) from half a T1!