
Thread: Smurfing!

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    16

    Smurfing!

    Hey guys... can someone explain to me what smurfing is?
    I got this letter from my provider:

    Dear User
    Your router has detected and protected you against an attempt to gain access to your network. This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance. Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts. Save this email for comparison with future alert messages.
    Your router Alert Information Time: 08:13:23
    Message: smurf
    Source: 68.94.58.XXX, 1764
    Destination:216.199.XXX.XXX 3531

    The destination is mine and the source is the other guy's IP!

    What is the point of smurfing? What can it do?
    Thanks

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,


    First of all, you posted in the wrong forum. This should be in Network Security; this forum is for your own tutorials only.

    Anyways, smurfing is an attack that dates back quite a few years now. Basically if you send an ICMP echo request (ping) to a broadcast address, you could get back one reply for every host on the network (on a class B, that would be 65,000 replies). People would go around and build bcast lists (lists of broadcast addresses that would generate more than one reply). Then what you would do is put it into a program called smurf, or papasmurf. There was even a UDP attack that was similar called Fraggle (someone loved their kid shows). Anyways you would spoof a ping packet with the victim's address to all the hosts in the bcast list and each of them would reply anywhere from 1 to a few thousand times. This ICMP echo reply would be targeted at the victim's machine, so for your 1 packet, you've hit the other person with (for simplicity's sake we'll use standard numbers) 100 packets. If you sent out 100 packets, you've hit that person with 100 x 100 packets or 10000 packets. You can see where this is going, if you generate a few thousand or a few hundred thousand packets, the victim is going to be hit quite hard.

    [EDIT]
    Here's a link with lots of info - http://pintday.org/whitepapers/dos-smurf.shtml
    [/EDIT]

    In your case however, they both have ports listed, and it lists an intrusion attempt. I'm not sure why you are seeing the message smurf. What program/device generated that message? Do you have more detailed logs? Most firewalls these days will identify smurf for what it is, a DoS, not an intrusion attempt.

    Peace,
    HT
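
Added illustration, not part of the thread or any poster's code: a victim-side check for the pattern described in post #2, namely many distinct hosts sending ICMP echo replies to one address that never sent a matching echo request. The record layout, thresholds and sample packets (documentation-range addresses) are constructed assumptions; the TCP-labelled record stands in for an alert that carries ports, like the one quoted in post #1, and is ignored because ICMP has no ports.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records: (time_s, src, dst, proto, icmp_type, icmp_id)
SAMPLE = [
    # A normal ping and its solicited reply
    (0.00, "203.0.113.7", "198.51.100.1", "icmp", ECHO_REQUEST, 77),
    (0.02, "198.51.100.1", "203.0.113.7", "icmp", ECHO_REPLY, 77),
    # A connection attempt with ports: not ICMP, so never smurf traffic
    (0.50, "198.51.100.50", "203.0.113.9", "tcp", None, None),
] + [
    # Eight hosts on one network all replying to a ping 203.0.113.9 never sent
    (1.0 + i * 0.01, f"192.0.2.{10 + i}", "203.0.113.9", "icmp", ECHO_REPLY, 4242)
    for i in range(8)
]

def find_smurf_victims(packets, window=1.0, min_sources=5):
    """Map each suspected victim to the peak number of distinct hosts that
    sent it unsolicited echo replies within `window` seconds."""
    asked = set()                 # (requester, icmp_id) seen in echo requests
    replies = defaultdict(list)   # destination -> [(time, source)]
    for t, src, dst, proto, icmp_type, icmp_id in sorted(packets):
        if proto != "icmp":
            continue
        if icmp_type == ECHO_REQUEST:
            asked.add((src, icmp_id))
        elif icmp_type == ECHO_REPLY and (dst, icmp_id) not in asked:
            replies[dst].append((t, src))
    victims = {}
    for dst, hits in replies.items():
        start, peak = 0, 0
        for end in range(len(hits)):
            # Slide the window so it spans at most `window` seconds
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, len({s for _, s in hits[start:end + 1]}))
        if peak >= min_sources:
            victims[dst] = peak
    return victims

if __name__ == "__main__":
    for host, count in find_smurf_victims(SAMPLE).items():
        print(f"{host}: unsolicited echo replies from {count} hosts")
```
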

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Did your "provider" give you a link to click?

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    This doesn't come from the ISP but rather the Router. Is it an SMC router? Plopping the text into Google and doing an explicit search seems to indicate this.
