North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Smurfing

  • From: Craig A. Huegen
  • Date: Sat Feb 14 02:13:10 1998

On Sat, 14 Feb 1998, William Allen Simpson wrote:

==>Wow, I was glad to see that all these wonderful folks are reading the
==>router requirements (RFC-1812, June 1995).  Good, good.
==>What I'd like to understand is how smurf attacks can work, even with
==>directed broadcast on?  Isn't there a requirement (RFC-1122) from ages
==>past (October 1989) that ICMP not respond to broadcast or multicast
==>[page 38 et seq]?

Nope.  RFC 1122[1] says (also in my paper =):

   An ICMP Echo Request destined to an IP broadcast or IP
   multicast address MAY be silently discarded.

      This neutral provision results from a passionate debate
      between those who feel that ICMP Echo to a broadcast
      address provides a valuable diagnostic capability and
      those who feel that misuse of this feature can too
      easily create packet storms.

Most stack implementors have chosen to respond to it because of its
troubleshooting value; then again, the date of the RFC shows why many
folks would tend to believe the threat of the attack wouldn't be very


[1] RFC-1122, "Requirements for Internet Hosts - Communication Layers";
    R.T. Braden; October 1989.