Amplification attack: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Howard C. Berkowitz
(added RFC to change default for directed broadcast)
mNo edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{subpages}}
{{PropDel}}<br><br>{{subpages}}
One of the means of carrying out a hostile attack against computers and computer networks is the '''amplification attack'''. In such an attack, the [[miscreant]] need not send large volumes of direct offense against the targeted system, but exploits some aspect of its design to cause it to flood itself with the response to the crafted attack.
One of the means of carrying out a hostile attack against computers and computer networks is the '''amplification attack'''. In such an attack, the [[miscreant]] need not send large volumes of direct offense against the targeted system, but exploits some aspect of its design to cause it to flood itself with the response to the crafted attack. This is one form of [[denial of service]] attack; the miscreant's objective is to take down the system rather than to make illicit use of it himself.
 
==smurf==
==smurf==
The "smurf" exploit, which should no longer be possible in any well-maintained network, exploited a feature of [[Internet Protocol version 4]] called the [[directed broadcast]]. This feature caused all hosts on a [[subnet]] to treat an destination address, with the host field set to all ones, as intended for every machine on the subnet.  If a simple query such as the [[Internet Message Control Protocol]] echo request packet is sent to every host, every host generated an echo reply in response. For a moderate-sized subnet, sending a single ICMP echo request could generate hundreds of replies. The amplified volume of the replies do the damage, not what the miscreant sends: their volume attacks the return-path bandwidth.
The "smurf" exploit, which should no longer be possible in any well-maintained network, exploited a feature of [[Internet Protocol version 4]] called the [[directed broadcast]]. This feature caused all hosts on a [[subnet]] to treat an destination address, with the host field set to all ones, as intended for every machine on the subnet.  If a simple query such as the [[Internet Message Control Protocol]] echo request packet is sent to every host, every host generated an echo reply in response. For a moderate-sized subnet, sending a single ICMP echo request could generate hundreds of replies. The amplified volume of the replies do the damage, not what the miscreant sends: their volume attacks the return-path bandwidth.
Line 11: Line 12:


==References==
==References==
{{reflist}}
{{reflist}}[[Category:Suggestion Bot Tag]]

Latest revision as of 06:00, 10 July 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

One of the means of carrying out a hostile attack against computers and computer networks is the amplification attack. In such an attack, the miscreant need not send large volumes of direct offense against the targeted system, but exploits some aspect of its design to cause it to flood itself with the response to the crafted attack. This is one form of denial of service attack; the miscreant's objective is to take down the system rather than to make illicit use of it himself.

smurf

The "smurf" exploit, which should no longer be possible in any well-maintained network, exploited a feature of Internet Protocol version 4 called the directed broadcast. This feature caused all hosts on a subnet to treat an destination address, with the host field set to all ones, as intended for every machine on the subnet. If a simple query such as the Internet Message Control Protocol echo request packet is sent to every host, every host generated an echo reply in response. For a moderate-sized subnet, sending a single ICMP echo request could generate hundreds of replies. The amplified volume of the replies do the damage, not what the miscreant sends: their volume attacks the return-path bandwidth.

Smurfs were defeated by changing the IPv4 specification to make the default behavior for routers not to forward directed broadcasts.[1]

References