Results 1 to 4 of 4

Thread: Smurfing!

  1. #1
    Junior Member
    Join Date
    Mar 2004


    HEY guys....can someone explain to me what is smurfing
    i got this letter from my provider

    Dear User
    Your router has detected and protected you against an attempt to gain access to your network. This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance. Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts. Save this email for comparison with future alert messages.
    Your router Alert Information Time: 08:13:23
    Message: smurf
    Source: 68.94.58.XXX, 1764
    Destination:216.199.XXX.XXX 3531

    the destination is mine and the source is the other guys ip!

    what is the point of smurfing? what can it do?

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    First of all you posted in the wrong forum. This should be in Network Security, this forum is for your own tutorials only.

    Anyways, smurfing is an attack that dates back quite a few years now. Basically if you send an ICMP echo request (ping) to a broadcast address, you could get back one reply for every host on the network (on a class B, that would be 65,000 replies). People would go around and build bcast lists (lists of broadcast addresses that would generate more than one reply). Then what you would do is put it into a program called smurf, or papasmurf. There was even a udp attack that was similar called Fraggle (someone loved their kid shows). Anyways you would spoof a ping packet with the victems address to all the hosts in the bcast list and each of them would reply anywhere from 1 to a few thousand times. This ICMP echo reply would be targetted at the victems machine, so for your 1 packet, you've hit the other person with (for simplicities sake we'll use standard numbers) 100 packets. If you sent out 100 packets, you've hit that person with 100 x 100 packets or 10000 packets. You can see where this is going, if you generate a few thousand or a few hundred thousand packets, the victim is going to be hit quite hard.

    Here's a link with lots of info -

    In your case however, they both have ports listed, and it lists and intrustion attempt. I'm not sure why you are seeing the message smurf. What program/device generated that message? Do you have more detailed logs. Most firewalls these days will identify smurf for what it is a DoS, not an intrustion attempt.

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Nov 2001
    did your "provider" give you a link to click?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    This doesn't come from the ISP but rather the Router. Is it a SMC router? Plopping the text into Google and doing an explicit search seems to indicate this.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts