Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Please Prove My Father Wrong!
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
hijack this log computer 2 »
« IP address blocking  
AuthorAll Replies

x539

join:2003-08-23
Oklahoma City, OK

reply to mziemba
Re: Please Prove My Father Wrong!

I suspect that what you're seeing is not a "smurf attack" at all. Reason being that this is a very old-school attack, and it's pretty hard to pull it off effectively any more. The reasons this attack used to be successful are:

1. Windows machines used to reply to ICMP ECHO directed to the broadcast address. They haven't for several years. Note: Most Linux/UNIX machines in default configuration will. In Linux adding "net.ipv4.icmp_echo_ignore_broadcasts = 1" to sysctl.conf will stop this.

2. Most people used slower connections. It takes a whole lot more pings to knock someone off a broadband connection than off a 28.8 dialup.

What I think is more likely is that your router assumes that all x.x.x.0 and x.x.x.255 IPs are network/broadcast addresses, and classifies packets coming from these hosts as smurfs. That is not necessarily the case though, as those addresses are dependent on the size of the subnet. For example, the address 10.1.4.255 is not a broadcast address on a 10.1.0.0/16 network.

As far as why the network "goes down", it would appear that way if you were waiting for packets from a host that your router was eating because it thinks its an attack.

It's possible that you really are the victim of a smurf attack, but I would say that it's highly improbable
to forum · permalink · · 2004-05-17 10:41:12 · Reply to this
Forums » Up and Running » Security » Securityhijack this log computer 2 »
« IP address blocking  

Wednesday, 09-Dec 05:35:53 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [194] Sprint Sued For Distracted Driving Death
· [81] 3G Network Test Says AT&T Is Tops
· [72] Mediacom Unveils 105 Mbps Pricing
· [62] Sprint Poised For A Turnaround?
· [50] The Future Of Wi-Fi Is Bright
· [50] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [44] Microwaving Your Innards Is Not 'Extreme'
· [39] Verizon LTE: 5-12 Mbps Downstream
· [21] AT&T Releases Network Reporting iPhone App
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· Comcast refused to install 400' feet. [Comcast HSI]
· buffs, nerfs, and 3.3 [World of Warcraft]
· Man Downloads Child Porn "Accidentally," Faces 20 Years [Security]
· Maximizing Rogue DPS for 3.1 [World of Warcraft]
· ICC Strats??? [World of Warcraft]
· Tomato/MLPPP v3 alpha 6 released! [TekSavvy]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· Using DIR-615 C1/3.01 with Trendnet TEW-652BRP in N Mode [D-Link]