If you plan to take the Security+, SSCP, or CISSP exam, you should know about many of the attack types, such as the smurf attack. As an example, Objective “3.2 Analyze and differentiate among types of attacks” for the CompTIA Security+ exam lists several common types of attacks, including the smurf attack.
A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. That’s a complex sentence, so it’s worthwhile breaking this down.
A ping is normally a unicast message sent from one computer to one computer. It sends ICMP echo requests to one computer, and the receiving computer responds with ICMP echo responses. Figure 1 shows how this works. Computer 1 is sending out a unicast ping to computer 3 and computer 3 responds with ICMP replies.
Figure 1
If you receive the responses you know that the other computer is operational.
Note: Because ICMP is used in many types of attacks, many firewalls block ICMP echo requests. If you don’t receive ping responses back it doesn’t necessarily mean the other computer is not operational. It could be because the ping is being blocked by a firewall.
On Windows systems, ping sends out four ICMP requests and gets back four replies. On some other operating systems, ping continues until stopped. You can add the -t switch to ping on Windows systems causing ping requests to continue until stopped.
Instead of using a unicast message, a smurf attack sends out the ping request as a broadcast. In a broadcast, one computer sends the packet to all other computers in the subnet. These computers then reply to the single computer that sent the broadcast ping, as shown in Figure 2. Computer 1 is sending out a broadcast ping to all the computers on the subnet and each one of them is now responding, flooding computer 1 with ping replies.
Figure 2
If computer 1 is the attacker, the results of Figure 2 aren’t very beneficial. If something isn’t changed, the attacker gets attacked.
If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies. Instead, the smurf attack substitutes the source IP with the IP address of the victim, and the victim gets flooded with these ICMP replies. Figure 3 shows how computer 1 can send out the smurf attack using computer 2’s IP address as the source IP address. All the computers on the subnet then flood computer 2 with ICMP replies.
Figure 3
A smurf amplifier is a computer network used in a smurf attack. A network is easily prevented from becoming an amplifier by blocking the IP directed broadcasts that smurf attacks use. However, if a router or a firewall isn’t configured to protect the network, it can become part of the attack.
Figure 4 shows how this works. The attacker (computer 1) sends a broadcast ping into the amplifying network with a spoofed source IP address of computer 6. Each computer in the amplifying network receives the broadcast and then responds by flooding the victim (computer 6) with ping replies.
Figure 4
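The traffic pattern in Figure 4 can be recognized from ICMP logs. The Python below is an added detection example, not part of the original article: it scans constructed ICMP records for echo requests addressed to a subnet's broadcast address and for hosts receiving echo replies from many senders they never pinged. The record format, the addresses (documentation ranges), and the responder threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (source IP, destination IP, ICMP type).
# ICMP type 8 = echo request, type 0 = echo reply.
SAMPLE = [
    ("198.51.100.6", "192.0.2.255", 8),   # echo request to a subnet broadcast address
    ("192.0.2.10", "198.51.100.6", 0),    # every host on the subnet answers the
    ("192.0.2.11", "198.51.100.6", 0),    # address in the source field
    ("192.0.2.12", "198.51.100.6", 0),
    ("192.0.2.13", "198.51.100.6", 0),
    ("203.0.113.5", "192.0.2.10", 8),     # ordinary unicast ping
    ("192.0.2.10", "203.0.113.5", 0),     # and its matching reply
]

# Assumed inventory of subnets that could be abused as amplifying networks.
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]

def directed_broadcast_requests(records, networks):
    """Echo requests whose destination is the broadcast address of a known subnet."""
    bcasts = {net.broadcast_address for net in networks}
    return [(s, d) for s, d, t in records
            if t == 8 and ipaddress.ip_address(d) in bcasts]

def reply_floods(records, min_responders=3):
    """Hosts receiving echo replies from many distinct senders they never pinged."""
    pinged = defaultdict(set)    # host -> addresses it sent echo requests to
    replies = defaultdict(set)   # host -> senders of echo replies it received
    for s, d, t in records:
        if t == 8:
            pinged[s].add(d)
        elif t == 0:
            replies[d].add(s)
    floods = {}
    for victim, senders in replies.items():
        unsolicited = senders - pinged[victim]   # replies with no matching unicast request
        if len(unsolicited) >= min_responders:
            floods[victim] = sorted(unsolicited)
    return floods

if __name__ == "__main__":
    print("Directed-broadcast echo requests:", directed_broadcast_requests(SAMPLE, PROTECTED))
    print("Possible smurf victims:", reply_floods(SAMPLE))
```

The first check applies at the edge of the amplifying network, where a router or firewall rule would drop the packet. The second applies on the victim's side, where only the replies are visible.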
Not Blue Packets
The rumor that a smurf attack is one where attackers send out little blue packets that report back to Papa Smurf is simply not true.
Ensure you understand the basics of a smurf attack when taking any security-based exam such as the Security+, SSCP, or CISSP exams. A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. Smurf attacks are known to use amplifying networks, but administrators commonly block this with rules on a router or firewall.
I recently took the Security+ SYO 301 exam, and there’s a question like this that demonstrates where a computer pings the switch that connects multiple workstations, then the switch now sends out a broadcast to all the workstations including the one that initiates the attack in the first place, and in turn all the workstations or computers now reply back to just one workstation in the network, thereby crashing it.
My question is, is that not the same as ping-of-death?
By the way, I failed the exam, and am preparing for it by October 1st. I bought one of your online study tools that includes the performance based questions, and it’s very informative and up to date. Hopefully, I will pass it this time around.
Thank you.
Hi Charles,
What you’re describing is a smurf attack (as described on this page).
Hope you passed it the second time around.
Darril