BetaLog

作者:zyqin http://www.betalog.cn

   Smurf是网络攻击的一种，通过使用将回复地址设置成受害网络的广播地址的ICMP应答请求(ping)数据包。这些地址把接收到的所有信息广播到其子网内的所有主机。每个广播地址可以支持最多255个主机，所以一个ping请求就可以变成255个请求，放大了255倍。这些请求返回的地址又将成为新的受害者。所有接收到这些ping请求的主机都在其发送包中的回复地址改成了受感染主机的地址，而不是数据包发送者的地址。一个攻击者每秒可以发送成百上千个ping信息，使得整个互联网服务陷于瘫痪。

Smurf属于DoS（服务拒绝式攻击）的一种，它的目的不是为了窃取信息，而是为了是服务器或者网络瘫痪。

A type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees.

Smurfing falls under the general category of Denial of Service attacks -- security attacks that don't try to steal information, but instead attempt to disable a computer or network.

参考资料
-------------------------------------------------------------
Smurf攻击是以最初发动这种攻击的程序名“Smurf”来命名的。这种攻击方法结合使用了IP欺骗和ICMP回复方法使大量网络传输充斥目标系统，引起目标系统拒绝为正常系统进行服务。Smurf攻击通过使用将回复地址设置成受害网络的广播地址的ICMP应答请求(ping)数据包，来淹没受害主机，最终导致该网络的所有主机都对此ICMP应答请求做出答复，导致网络阻塞。更加复杂的Smurf将源地址改为第三方的受害者，最终导致第三方崩溃。