Internet Security Systems

Possible Smurf attack initiated

advICE : Intrusions : 2000103
Summary

Possible Smurf-amplifier attempt; an ICMP echo frame has been sent to a subnet address (x.x.x.0 or x.x.x.255). This may cause a flurry of echo responses, which can overwhelm the network or the systems involved.

Details

A "smurf attack" uses "IP spoofing" to send broadcast pings to an "amplifier" network so that the responses overwhelm the victim. This event indicates an attempt to use your network as a "smurf amplifier". For example, somebody on a cable-modem segment can send out a broadcast ping to his/her neighbors while spoofing the IP address of a victim. All the neighbors will respond to that victim, overloading the victim's link. In other words, it only costs the attacker one packet to cause thousands of packets to be sent to the victim. See smurf for more information.

False Positives

This is sometimes triggered by people sending out broadcasts on the local segment. This is commonly seen by people inside corporate networks or on cable-modem segments. While this doesn't indicate an attempt to use your network as an amplifier, it does indicate that somebody is attempting discovery operations on your network.

Defense

See smurf amplifier defense.

More information

CERT: CA-98.01.smurf   "smurf" IP Denial-of-Service Attacks
advICE: smurf
CVE-1999-0513   smurf
 

Configuration for this item

subnet.mask    255.255.255.0    The subnet mask used when checking an IP address for a Smurf attack.
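The check described in the Summary, written out as an added example (not Internet Security Systems code): an ICMP echo request is flagged when its destination has all-zero or all-one host bits under the configured mask. The function names, the sample addresses, and the assumption that subnet.mask is applied as a host-bits test are illustrative; the last case shows why a mask that does not match the real subnet produces false positives.

```python
import ipaddress
import struct

ICMP_PROTO = 1
ICMP_ECHO_REQUEST = 8

def is_subnet_address(dst: str, mask: str = "255.255.255.0") -> bool:
    """True if dst is the network (all-zero host bits) or directed-broadcast
    (all-one host bits) address under the given subnet mask."""
    addr = int(ipaddress.IPv4Address(dst))
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if host_bits == 0:              # /32 mask: there is no host part to test
        return False
    host = addr & host_bits
    return host == 0 or host == host_bits

def check_packet(pkt: bytes, mask: str = "255.255.255.0"):
    """Return the destination if pkt is an ICMP echo request addressed to a
    subnet address (the condition this signature reports), else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                 # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 1 or pkt[9] != ICMP_PROTO:
        return None
    # Only the first fragment carries the ICMP header.
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if frag_off != 0 or pkt[ihl] != ICMP_ECHO_REQUEST:
        return None
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return dst if is_subnet_address(dst, mask) else None

def sample_echo(src: str, dst: str, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Constructed test input: minimal IPv4 + ICMP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    for dst in ("192.0.2.255", "192.0.2.0", "192.0.2.17"):
        print(dst, "->", check_packet(sample_echo("198.51.100.9", dst)))
    # Same packet, /23 mask: 192.0.2.255 is an ordinary host there, so the
    # page's 255.255.255.0 value would raise a false positive on that network.
    print(check_packet(sample_echo("198.51.100.9", "192.0.2.255"), "255.255.254.0"))
```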

 
Version appeared:  
