Smurf Attack




Definition
A smurf attack is a type of distributed denial of service attack that uses Internet Control Message Protocol (ICMP) echo requests to amplify traffic toward a target. The attacker sends ICMP echo requests to the broadcast address of intermediary networks while spoofing the source IP address so that it appears to be the victim’s. Every host on those networks replies to the spoofed source, flooding the victim with a large volume of reply traffic.

Why it matters
A smurf attack can quickly overwhelm a victim’s network bandwidth or processing capacity because it amplifies a small amount of malicious traffic into a much larger flood. Networks that allow IP directed broadcasts or do not filter spoofed traffic are particularly vulnerable. Beyond service outages, these attacks waste infrastructure resources and can be difficult to trace back to the original attacker.

Example use case
An attacker spoofs the IP address of a company web server and sends ICMP echo requests to the broadcast addresses of several poorly configured networks. Each machine on those networks replies to the spoofed IP, generating a sudden surge of traffic that knocks the company web server offline.
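
Seen from the web server's side, the flood in this scenario is a burst of ICMP echo replies it never asked for, arriving from many hosts in the same few networks. The detection sketch below is an added example, not part of the original page. The record format (timestamp, source, destination, ICMP type), the function names, the /24 grouping and the thresholds are assumptions, and the sample traffic is constructed using documentation address ranges.

```python
from collections import defaultdict
from ipaddress import ip_network

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers


def find_reflected_floods(records, protected, window_s=10, min_hosts=20):
    """Return sorted (window_start, victim, reflector_net, host_count) tuples.

    A reply counts as unsolicited when the protected host has not sent an
    echo request to that source earlier in the capture (no expiry, for brevity).
    """
    pinged = set()               # (victim, peer) pairs with a genuine request
    repliers = defaultdict(set)  # (window, victim, /24) -> distinct replying hosts
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type == ECHO_REQUEST and src in protected:
            pinged.add((src, dst))
        elif icmp_type == ECHO_REPLY and dst in protected:
            if (dst, src) in pinged:
                continue         # answer to a ping the host really sent
            net = str(ip_network(f"{src}/24", strict=False))
            window = int(ts // window_s) * window_s
            repliers[(window, dst, net)].add(src)
    return sorted((w, v, n, len(hosts))
                  for (w, v, n), hosts in repliers.items()
                  if len(hosts) >= min_hosts)


def constructed_sample(victim="203.0.113.10"):
    """Constructed traffic: one real ping, two reflecting networks, some noise."""
    recs = [(0.0, victim, "192.0.2.200", ECHO_REQUEST),
            (0.1, "192.0.2.200", victim, ECHO_REPLY)]
    recs += [(1.0 + i * 0.01, f"198.51.100.{i}", victim, ECHO_REPLY)
             for i in range(1, 41)]   # 40 hosts answering a spoofed broadcast ping
    recs += [(2.0 + i * 0.01, f"192.0.2.{i}", victim, ECHO_REPLY)
             for i in range(1, 31)]   # 30 hosts on a second network
    recs += [(3.0, f"10.9.8.{i}", victim, ECHO_REPLY)
             for i in range(1, 6)]    # 5 stray replies, below the threshold
    return recs


if __name__ == "__main__":
    for hit in find_reflected_floods(constructed_sample(), {"203.0.113.10"}):
        print("unsolicited echo-reply burst:", hit)
```

Grouping by source network rather than by single host is what separates this pattern from an ordinary ping flood: each reflector sends only one or a few replies, so per-host rate limits alone would not trip.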