|Table of Contents|

A Study on Smurf Attack and Its Countermeasures(PDF)

《南京理工大学学报》(自然科学版)[ISSN:1005-9830/CN:32-1397/N]

Issue:
2002年05期
Page:
512-516
Research Field:
Publishing date:
2002-10-30

Info

Title:
A Study on Smurf Attack and Its Countermeasures
Author(s):
XuYonghong ZhangKun YangYun LiuFengyu
Department of Computer Science and Technology,NUST,Nanjing 210094
Keywords:
denial of serv ice Smurf at tack network security
PACS:
TP393.08
DOI:
-
Abstract:
Smurf at tack is one common method among distributed denial of serviceattacks. U t ilizing the bugs of TCP/ IP protocol together w ith spoofed IP address and ICMP echo, this at tack method produces large amount of data packets, w hich w ill lead to serious network congestion and resource consuming. Then, the at tacked system w ill deny service for leg al user. By analyzing the principles of Smurf attack, this paper proposes the detect ion method and defense technology of this at tack.

References:

1  Computer emergency response team. Cer t adv isory - 2000. Denial of ser vice developments.http: / / w ww . cer t. org/ advisories/ CA- 2000- 01. html
2  Heberlein L T, Bisho p M. In: Ellen F. Attack class: address spoofing. Proceedings of the 19th National Informat ion Systems Securit y Conference. Balt imo re: Johns Hopkins University Pr ess,1996. 371~ 377
3  Cr aig A. T he latest in denial of ser vice attacks: "smurfing" descript ion and information to mini-mize effects. http: / / w ww . pentics. net/ - denial- of- service/ white- papers/smur f. cgi
4  Ferg uson P, Senie D. Networ k ingress filtering: defeating denial of service attacks, which employ IP sour ce addr ess spoofing. RFC2267- 1998. ww w. landfield. com/ rfcs/ r fc2267. html
5 Dietr ich Long S, Dittrich N. In: Brian B, Robert G. Analyzing distr ibuted denial of ser vice tools: the Shaft case. Pro ceedings of 14th Systems Administration Conference. Berkeley:USENIX Assoc, 2000. 329~ 339
6 Senie D. Changing the default for directed broadcasts in routers. RFC2644 - 1999. http: / /ww w. ietf. org/ rfc
7 Par k K, Lee H. I n: Madacan N K, Deutsch S, Mer kle C L. On the effectiveness of route- based packet filtering for distr ibuted DoS attack prevention in pow er- law Internets. ACMSIGCOMM 2001 Conference. USA: ACM, 2001. 15~ 26

Memo

Memo:
-
Last Update: 2002-10-30