# Smurf Attack getting serious

#### joeyd999

Joined Jun 6, 2011
4,477
I'm moving into 12.04 in about 3 minutes.
And you'll still be 3.5 years behind the curve. 12.04 is LTS, though, so you'll be ok.

#### joeyd999

Joined Jun 6, 2011
4,477
Welcome to the world of Linux, w[h]ere nothing is easy and everything you do takes 10 times longer than before!
Things take me 20x longer on Windows.

#### mcgyvr

Joined Oct 15, 2009
5,394
Silly Script Kiddies... I get ~100-200 attempts daily on my web and mail servers..
I love fail2ban..

#### eetech00

Joined Jun 8, 2013
2,280
iptables will help but won't protect Linux from smurf attack. It has to be handled by Internet router or firewall. The attack uses a directed broadcast to obtain internal addresses then uses those addresses to target a DoS attack at internal machines. The attack has to be prevented at the internet router to be effective.

#### joeyd999

Joined Jun 6, 2011
4,477
It has to be handled by Internet router or firewall.
What the heck do you think Linux is?

#### #12

Joined Nov 30, 2010
18,217
And you'll still be 3.5 years behind the curve. 12.04 is LTS, though, so you'll be ok.
So, now I have 15.04. Fast enough for you?
Looks like 15.10 is available...only one update click to get it, right?

#### #12

Joined Nov 30, 2010
18,217
If you have your own router, turn off the directed subnet broadcast capability.
I don't even see an option for "subnet broadcasting".
Netgear WGR614-Ver10

Somebody gave me a Cisco router today. Maybe I can install that.

#### #12

Joined Nov 30, 2010
18,217
Install virtualbox. Then you can run Windows 'as an application'
I think I'm gonna havto in order to get my printer to work. No drivers in Ubuntu for a Canon 4150 laser printer.

#### joeyd999

Joined Jun 6, 2011
4,477
I think I'm gonna havto in order to get my printer to work. No drivers in Ubuntu for a Canon 4150 laser printer.
I don't believe it's impossible. What's the full model number?

#### #12

Joined Nov 30, 2010
18,217
Canon ImageCLASS MF4150 Laser Multifunction
At least that's what's on the front. Should I look on the back?

F149200

#### joeyd999

Joined Jun 6, 2011
4,477
Canon ImageCLASS MF4150 Laser Multifunction
At least that's what's on the front. Should I look on the back?
That's fine. I'm not home. I'll see if I can find instructions for you later.


#### joeyd999

Joined Jun 6, 2011
4,477
So, now I have 15.04. Fast enough for you?
Looks like 15.10 is available...only one update click to get it, right?
Yes. But you did it the long, hard way.

#### #12

Joined Nov 30, 2010
18,217
you did it the long, hard way.
It was that instruction that said you can only upgrade by one level at a time. I eventually figured out to just download a disk image of 15.04 and install it.

#### joeyd999

Joined Jun 6, 2011
4,477
Try the attached CUPS driver. It might work.

Remove the .txt extension before use, btw.

#### eetech00

Joined Jun 8, 2013
2,280

#### joeyd999

Joined Jun 6, 2011
4,477
It's an operating system.
It is a networked operating system with a stateful packet filter built into the kernel. In other words, it is an internet router, and firewall, and just about anything else you could want it to be with respect to networking.

What operating system do you think a majority of routers/firewalls run? (Hint: not Windows.)

Edit: I should not have said 'majority' as I have no proof of this.

My point is that Linux is also a network operating system that easily, and often, manages routing and firewalling -- natively in the kernel.


#### eetech00

Joined Jun 8, 2013
2,280
I'm happy you agree

#### joeyd999

Joined Jun 6, 2011
4,477
I'm happy you agree
But I don't. Because you said this:

iptables will help but won't protect Linux from smurf attack.

#### #12

Joined Nov 30, 2010
18,217
Try the attached CUPS driver. It might work.
So, how do I get it to the desktop or the "enter .ppd here" box?
It won't drag and drop.

sudo copy-file CNCUPSMF4100ZS.ppd< desktop?

Very frustrating this Ubuntu! Every time I tell it to change the driver, it demands to search for the printer and refuses to recognize that I clicked on, "provide .ppd file" a hundred times.

If this was Windows, I would Open in new Tab, select all, copy, open notepad, paste it in, and name it.
I can't even find notepad in Ubuntu!!!
I can't find a list of installed programs or applications. Where are they hiding this stuff?
You know...Start, Programs, and a list pops up.


#### joeyd999

Joined Jun 6, 2011
4,477
Source.

Smurf attacks
A smurf attack (which is named after the program people use to perform the attack), consists of three hosts: The attacker, a middle-man, and the victim.

The intention here is to flood the victim with ICMP packets, clogging up their network bandwidth, or exhausting their bandwidth quota with their ISP. The reason for using a middle-man to do this is so that the attacker cannot be identified as the source of the attack.

What the attacker does is to craft an unending stream of ICMP packets, spoofed to appear as if they had originated from the victim. These packets are sent to the middle-man, who responds to each one by sending an ICMP echo-response packet to the victim. The victim, of course, never asked for these packets, but it has no way to stop the unending flood. Even if he calls the middle-man’s ISP, there is no way for the middle-man to easily stop the flood, except by turning off all ICMP traffic. Even if he examines his packet logs, he cannot find out the IP address of the attacker, because the attacker has spoofed the packet.

There is a defense against the smurf attack: rate limit incoming ICMP packets down to an extremely slow trickle. After all, when ICMP traffic is legitimate, it is very low-bandwidth. If someone pings you to see if you’re alive, usually just a few response packets is all that’s necessary. And for the other types of ICMP response – such as when the router informs your network card about routing issues – again only a few packets are needed, not the huge flood that represents a smurf attack.

Here is how to mount a defense using iptables:

Code:
```
# Allow most ICMP packets to be received (so people can check our
# presence), but restrict the flow to avoid ping flood attacks
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
```
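
Added example (not part of the thread or of the quoted source): a small Python model of the `limit` match in the rule above, showing how many packets of a flood it lets through and what happens to the rest. It assumes the default `--limit-burst` of 5, a simplified integer token bucket, and constructed traffic; the function names are hypothetical.

```python
# Added example: integer model of the iptables `limit` match (token bucket).
# Assumes --limit 1/second and the default --limit-burst of 5.

def limit_match(timestamps_ms, per_second=1, burst=5):
    """Return one bool per packet: True where the limit match fires."""
    cost = 1000 // per_second        # credit (in ms) one packet consumes
    cap = cost * burst               # bucket size; the bucket starts full
    credit, last, fired = cap, None, []
    for t in timestamps_ms:
        if last is not None:
            credit = min(cap, credit + (t - last))   # refill with elapsed time
        last = t
        if credit >= cost:
            credit -= cost
            fired.append(True)
        else:
            fired.append(False)
    return fired


def accepted(timestamps_ms, policy):
    """Count packets accepted by the one-rule chain plus the chain policy.

    A packet the limit match fires on hits `-j ACCEPT`; any other packet
    falls through to the chain policy ("DROP" or "ACCEPT").
    """
    verdicts = ["ACCEPT" if hit else policy for hit in limit_match(timestamps_ms)]
    return verdicts.count("ACCEPT")


# Constructed traffic, timestamps in milliseconds:
FLOOD = list(range(10_000))          # 1000 ICMP packets/s for 10 s
PING = list(range(0, 10_000, 1000))  # ordinary ping, 1 packet/s for 10 s

if __name__ == "__main__":
    print("flood, policy DROP:  ", accepted(FLOOD, "DROP"))
    print("flood, policy ACCEPT:", accepted(FLOOD, "ACCEPT"))
    print("ping,  policy DROP:  ", accepted(PING, "DROP"))
```

With a default ACCEPT policy on INPUT the rule limits nothing by itself, because packets over the limit simply fall through; it needs a DROP policy or a following DROP rule for ICMP.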