This is a mirror of official site: http://jasper-net.blogspot.com/

Simulating a Smurf attack with Scapy

| Monday, March 7, 2011
Wikipedia says..
The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. 

If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding.

To simulate a Smurf attack we need to do the following..

1. Install Scapy 

On Mac this is how you do it..

On Ubuntu : sudo apt-get install python-scapy

2. Send a large amount of ICMP request to the broadcast address of the victim network(Directed Broadcast Address).

3. Source IP of the attacker must be spoofed.

As per [2] when we send a ICMP request with a spoofed IP been set to the broadcast IP of the network, the server will broadcast the ICMP response to the entire network..

In the following example with Scapy, we are not using a broadcast IP - instead using an IP address of a different machine in the network.

Target machine IP : 192.168.2.11
Server machine IP : 192.168.2.10

From the attackers machine, I start Scapy;

$ sudo scapy

Then type the following - you can see the source IP been spoofed to the target machine IP.

>>> send(IP(src="192.168.2.11", dst="192.168.2.10")/ICMP())

Posted via email from Jasper-net

0 comments: