Craig A. Huegen
<chuegen@cisco.com>
Network-Based Denial of Service
Attacks
NANOG 12 5
“Smurfing”
•Very
dangerous attack
Network-based,
fills access pipes
Uses ICMP
echo/reply packets with broadcast networks to multiply traffic
Requires the
ability to send spoofed packets
•Abuses
“bounce-sites” to attack victims
Traffic
multiplied by a factor of 50 to 200
Low-bandwidth
source can kill high-bandwidth connections
•Similar
to ping flooding, UDP flooding but more dangerous
due to traffic multiplication