Smurf Attack getting serious

eetech00

Joined Jun 8, 2013
1,713
iptables will help but won't protect Linux from smurf attack. It has to be handled by by Internet router or firewall. The attack uses a directed broadcast to obtain internal addresses then uses those addresses to target a dos attack at internal machines. The attack has to prevented at the internet router to be effective.
 

Thread Starter

#12

Joined Nov 30, 2010
18,159
If you have your own router, turn off the directed subnet broadcast capability.
I don't even see an option for "subnet broadcasting".
Netgear WGR614-Ver10

Somebody gave me a Cisco router today. Maybe I can install that.
 

Thread Starter

#12

Joined Nov 30, 2010
18,159
Canon ImageCLASS MF4150 Laser Multifunction
At least that's what's on the front. Should I look on the back?

F149200
 

joeyd999

Joined Jun 6, 2011
4,268
It's an operating system.
It is networked operating system with a stateful packet filter built into the kernel. In other words, it is an internet router, and firewall, and just about anything else you could want it to be with respect to networking.

What operating system do you think a majority of routers/firewalls run? (Hint: not Windows.)

Edit: I should not have said 'majority' as I have no proof of this.

My point is that Linux is also a network operating system that easily, and often, manages routing and firewalling -- natively in the kernel.
 
Last edited:

Thread Starter

#12

Joined Nov 30, 2010
18,159
Try the attached CUPS driver. It might work.
So, how do I get it to the desktop or the "enter .ppd here' box?
It won't drag and drop.

sudo copy-file CNCUPSMF4100ZS.ppd< desktop?

Very frustrating this Ubuntu! Every time I tell it to change the driver, it demands to search for the printer and refuses to recognize that I clicked on, "provide .ppd file" a hundred times.:mad:

If this was Windows, I would Open in new Tab, select all, copy, open notepad, paste it in, and name it.
I can't even find notepad in Ubuntu!!!
I can't find a list of installed programs or applications. Where are they hiding this stuff?
You know...Start, Programs, and a list pops up.
 
Last edited:

joeyd999

Joined Jun 6, 2011
4,268
Source.

Smurf attacks
A smurf attack (which is named after the program people use to perform the attack), consists of three hosts: The attacker, a middle-man, and the victim.

The intention here is to flood the victim with ICMP packets, clogging up their network bandwidth, or exhausting their bandwidth quota with their ISP. The reason for using a middle-man to do this is so that the attacker cannot be identified as the source of the attack.

What the attacker does is to craft an unending stream of ICMP packets, spoofed to appear as if they had originated from the victim. These packets are sent to the middle-man, who responds to each one by sending an ICMPecho-response packet to the victim. The victim, of course, never asked for these packets,but it has no way to stop the unending flood. Even if he calls the middle-man’s ISP, there is no way for the middle-man to easily stop the flood,except by turning off all ICMP traffic. Even if he examines his packet logs,he cannot find out the IP address of the attacker, because the attacker has spoofed the packet.

There is a defense against the smurf attack: rate limit incoming ICMP packets down to an extremely slow trickle. After all, when ICMP traffic is legitimate, it is very low-bandwidth. If someone pings you to see if you’re alive, usually just a few response packets is all that’s necessary. And for the other types of ICMP response – such as when the router informs your network card about routing issues – again only a few packets are needed, not the huge flood that represents a smurf attack.

Here is how to mount a defense using iptables:

Code:
# Allow most ICMP packets to be received (so people can check our
# presence), but restrict the flow to avoid ping flood attacks
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
Here we limit ICMP traffic to one packet per second. So, even if someone floods us via smurf, the most packets we’ll ever receive in a day is just over 86,000. If you want even fewer, increase the limit.
 
Top