1) Smurf Attacks:
- A host sends a large number of ICMP echo requests whose source IP address is spoofed (an address unrelated to the sender) and whose destination address is a subnet broadcast address (also known as a directed broadcast address).
- Routers forward these packets normally to the final router connected to the destination subnet.
- That final router forwards the packets onto the LAN as a broadcast (a copy is sent to every host on that subnet).
- Another feature of a smurf attack is that the source IP address of the packets sent by the attacker is the IP address of the attacked host, so the echo replies from every host on the subnet go to that victim.
- Several solutions to this problem are:
  - Since IOS 12.0, each interface defaults to no ip directed-broadcast, which prevents the router from forwarding the directed broadcast onto the LAN.
  - A Unicast Reverse Path Forwarding (uRPF) check can be enabled with the ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list] interface subcommand.
    - This command tells Cisco IOS to examine the source IP address of incoming packets on that interface.
    - CEF must be enabled for uRPF to work.
    - Strict RPF:
      - Using the rx keyword, the router checks whether the matching route uses an outgoing interface that is the same interface on which the packet was received.
    - Loose RPF:
      - Using the any keyword, the router checks for any route that can be used to reach the source IP address.
    - By default the check ignores default routes; including the allow-default keyword makes the router use default routes when performing the check.
    - The allow-default keyword can trigger a ping (RPF) to the source to verify connectivity.
    - The RPF check can be limited by an ACL (the list option).
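The strict/loose/allow-default decision logic above, written out as an added Python emulation (not Cisco IOS code and not from the original notes). The forwarding table, interface names and sample packets are constructed for the example; the function models only the lookup decision, not CEF itself.

```python
import ipaddress

# Constructed forwarding table (FIB) for this example: (prefix, outgoing interface).
# A default route is included so the allow-default behaviour can be demonstrated.
FIB = [
    (ipaddress.ip_network("10.1.1.0/24"), "Gi0/0"),
    (ipaddress.ip_network("10.2.2.0/24"), "Gi0/1"),
    (ipaddress.ip_network("192.168.0.0/16"), "Gi0/1"),
    (ipaddress.ip_network("0.0.0.0/0"), "Gi0/2"),   # default route
]


def longest_match(src, fib):
    """Longest-prefix lookup of the source address; returns (prefix, interface) or None."""
    best = None
    for prefix, iface in fib:
        if src in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best


def urpf_permit(src_ip, ingress_iface, mode, allow_default=False, fib=FIB):
    """Emulate the uRPF verdict for one packet.

    mode="rx"  -> strict RPF: the route to the source must point out the ingress interface
    mode="any" -> loose RPF: any route to the source is enough
    allow_default=False -> a match on the default route alone does not count
    Returns True if the packet passes the check, False if it should be dropped.
    """
    src = ipaddress.ip_address(src_ip)
    match = longest_match(src, fib)
    if match is None:
        return False                     # no route to the source at all
    prefix, out_iface = match
    if prefix.prefixlen == 0 and not allow_default:
        return False                     # only the default route matched; ignored by default
    if mode == "rx":
        return out_iface == ingress_iface
    if mode == "any":
        return True
    raise ValueError("mode must be 'rx' or 'any'")


def check_packets(packets, mode, allow_default=False):
    """Run the check over (src_ip, ingress_iface) pairs; returns a list of (src, iface, verdict)."""
    return [(src, iface, "pass" if urpf_permit(src, iface, mode, allow_default) else "drop")
            for src, iface in packets]


# Constructed sample packets: the first arrives where its source really lives, the second claims
# a 10.1.1.0/24 source but arrives on Gi0/1 (spoofed or asymmetric routing), the third has a
# source that is reachable only via the default route.
SAMPLE = [
    ("10.1.1.5", "Gi0/0"),
    ("10.1.1.5", "Gi0/1"),
    ("172.16.0.1", "Gi0/0"),
]

if __name__ == "__main__":
    for mode, allow_default in (("rx", False), ("any", False), ("rx", True), ("any", True)):
        label = mode + (" allow-default" if allow_default else "")
        print(label, check_packets(SAMPLE, mode, allow_default))
```

Running it shows why strict mode is only safe on interfaces with symmetric routing (the second packet is dropped under rx even if it were legitimate), and why loose mode with allow-default passes almost everything when a default route exists.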
- Fraggle attacks use the same logic as smurf attacks, but instead of ICMP, fraggle attacks use the UDP Echo application.
- These attacks can be defeated using the same options as listed for smurf attacks.
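The two amplification patterns described in the smurf and fraggle sections share one signature: echo traffic aimed at a directed broadcast address. The added Python below (example code, not from the original notes) classifies constructed packet records as smurf (ICMP echo request to a subnet broadcast) or fraggle (UDP to the echo port 7 at a subnet broadcast), tallies them by spoofed source so the victim is visible, and emulates the final-hop router's no ip directed-broadcast behaviour. The attached subnets, interface names and the 203.0.113.9 victim address are constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed subnets directly attached to the final-hop router, keyed by interface.
ATTACHED = {
    "Gi0/0": ipaddress.ip_network("10.1.1.0/24"),
    "Gi0/1": ipaddress.ip_network("10.2.2.0/24"),
}

ICMP, UDP = 1, 17
ICMP_ECHO_REQUEST = 8
UDP_ECHO_PORT = 7
VICTIM = "203.0.113.9"   # constructed spoofed source; the replies would flood this host


def is_directed_broadcast(dst_ip):
    """Return the interface whose subnet broadcast address equals dst_ip, else None."""
    dst = ipaddress.ip_address(dst_ip)
    for iface, net in ATTACHED.items():
        if dst == net.broadcast_address:
            return iface
    return None


def classify(pkt):
    """Return 'smurf', 'fraggle' or None for one packet record (a dict)."""
    if is_directed_broadcast(pkt["dst"]) is None:
        return None                                  # ordinary unicast, not amplification
    if pkt["proto"] == ICMP and pkt.get("icmp_type") == ICMP_ECHO_REQUEST:
        return "smurf"
    if pkt["proto"] == UDP and pkt.get("dport") == UDP_ECHO_PORT:
        return "fraggle"
    return None                                      # broadcast, but not an echo service


def forward(pkt, directed_broadcast_enabled):
    """Emulate the final-hop router: a directed broadcast is exploded onto the LAN only if
    ip directed-broadcast is enabled on that interface; with the IOS 12.0 default
    (no ip directed-broadcast) it is dropped. Unicast packets are forwarded normally."""
    iface = is_directed_broadcast(pkt["dst"])
    if iface is None:
        return "unicast"
    return "broadcast" if directed_broadcast_enabled.get(iface, False) else "dropped"


def summarize(packets):
    """Count flagged packets by (attack type, spoofed source); the source is the victim."""
    counts = Counter()
    for pkt in packets:
        kind = classify(pkt)
        if kind is not None:
            counts[(kind, pkt["src"])] += 1
    return counts


# Constructed sample traffic: three smurf packets, two fraggle packets, one normal unicast ping,
# and one broadcast packet that is not echo traffic (should not be flagged).
PACKETS = (
    [{"src": VICTIM, "dst": "10.1.1.255", "proto": ICMP, "icmp_type": ICMP_ECHO_REQUEST}] * 3
    + [{"src": VICTIM, "dst": "10.2.2.255", "proto": UDP, "dport": UDP_ECHO_PORT}] * 2
    + [{"src": "10.1.1.20", "dst": "10.1.1.10", "proto": ICMP, "icmp_type": ICMP_ECHO_REQUEST},
       {"src": "10.1.1.20", "dst": "10.1.1.255", "proto": UDP, "dport": 53}]
)

if __name__ == "__main__":
    for (kind, src), n in sorted(summarize(PACKETS).items()):
        print(f"{kind:8} spoofed source {src}: {n} packets")
    print("default handling of first packet:", forward(PACKETS[0], {}))
    print("with directed-broadcast enabled: ", forward(PACKETS[0], {"Gi0/0": True}))
```

The tally is keyed on the source address precisely because, in these attacks, the source is the target; a spike of echo traffic toward broadcast addresses from one source is the signal to look for on the final-hop router.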