Thursday 22 June 2023

What is a Smurf (DDoS) attack? How to configure a Smurf attack lab?

A Smurf attack is a form of distributed denial-of-service (DDoS) attack that operates at layer 3, the network layer. It takes its name from the DDoS.Smurf malware tool that first implemented it; the name is also a nod to the cartoon Smurfs, because many small hosts acting together bring down a much bigger target.




A Smurf attack abuses the normal behaviour of IP broadcast forwarding and ICMP echo rather than a bug in either protocol: every host that receives an echo request answers it, and a directed broadcast delivers one request to every host on a subnet.






First, the attacker crafts an ICMP echo request whose source address is spoofed to the victim's address and whose destination is the broadcast address of an intermediary subnet (a directed broadcast, for example 192.168.1.255 for 192.168.1.0/24). If the router in front of that subnet forwards directed broadcasts, the single request is delivered to every host on the subnet. Each host answers with an ICMP echo reply, and because the source was spoofed, every reply goes to the victim. The more hosts on the reflecting subnet, the greater the amplification: one attacker packet becomes one reply per live host. The victim is overwhelmed and legitimate traffic is denied service. One caveat for lab work: since Cisco IOS 12.0 directed-broadcast forwarding is disabled by default (no ip directed-broadcast), so the reflecting router must have it explicitly enabled on its LAN interface for the reflection to occur at all.




I am assuming you now understand the Smurf attack; let's configure it in the lab, and then we will see how to prevent it.


Topology: -


  • configure the topology as per the diagram
  • assign IP addresses to the servers and PCs as per the topology
  • assign an IP address to Kali Linux 2-2 as per the topology
  • configure a trunk and allow all VLANs on the switch
  • configure the PC ports as access ports
  • configure static routing between the routers
  • target SERVER-1 from Kali 2-2
  • run the Smurf attack against the victim server with ICMP messages
  • confirm that the server chokes and becomes almost unresponsive


{assign IP addresses to the servers and PCs as per the topology}

SERVER-1> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-1  192.168.1.20/24      192.168.1.1       00:50:79:66:68:04

SERVER-2> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-2  192.168.1.21/24      192.168.1.1       00:50:79:66:68:06

SERVER-3> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-3  192.168.1.22/24      192.168.1.1       00:50:79:66:68:05


PC1> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC1    192.168.1.10/24      192.168.1.1       00:50:79:66:68:00


PC2> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC2    192.168.1.11/24      192.168.1.1       00:50:79:66:68:01


PC3> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC3    192.168.1.12/24      192.168.1.1       00:50:79:66:68:02


PC4> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC4    192.168.1.13/24      192.168.1.1       00:50:79:66:68:03


{assign an IP address to Kali Linux 2-2 as per the topology (192.168.2.25, the address pinged in the connectivity test below)}





{configure a trunk and allow all VLANs on the switch}


SWITCH-1#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/0       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/0       1-4094

Port        Vlans allowed and active in management domain
Gi0/0       1,100,200,300

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/0       1,100,200,300


{configure static routing between routers}


R1(config)#interface serial 4/0
R1(config-if)#ip address 1.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

*Jun 22 17:30:44.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to up

R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

*Jun 22 17:31:13.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up


R2(config)#interface serial 4/0
R2(config-if)#ip address 1.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit

*Jun 22 12:27:58.131: %LINK-3-UPDOWN: Interface Serial4/0, changed state to up
*Jun 22 12:27:59.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to up

R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 192.168.2.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit


R1(config)#ip route 1.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 192.168.2.0 255.255.255.0 1.1.1.2

R2(config)#ip route 1.0.0.0 255.0.0.0 1.1.1.1
R2(config)#ip route 192.168.1.0 255.255.255.0 1.1.1.1
R2(config)#exit


R2#show ip route static
S    192.168.1.0/24 [1/0] via 1.1.1.1


R1#show ip route static
S    192.168.2.0/24 [1/0] via 1.1.1.2

(The static routes for 1.0.0.0/8 do not appear in the output above because that network is directly connected on Serial4/0 and the connected route takes precedence; they are harmless but unnecessary. Now we ping from the PCs and servers to Kali to make sure the network is working.)


PC1> ping 192.168.2.25
84 bytes from 192.168.2.25 icmp_seq=1 ttl=62 time=62.669 ms
84 bytes from 192.168.2.25 icmp_seq=2 ttl=62 time=66.405 ms
84 bytes from 192.168.2.25 icmp_seq=3 ttl=62 time=63.907 ms
84 bytes from 192.168.2.25 icmp_seq=4 ttl=62 time=70.719 ms
84 bytes from 192.168.2.25 icmp_seq=5 ttl=62 time=62.990 ms

SERVER-1> ping 192.168.2.25
84 bytes from 192.168.2.25 icmp_seq=1 ttl=62 time=63.265 ms
84 bytes from 192.168.2.25 icmp_seq=2 ttl=62 time=64.596 ms
84 bytes from 192.168.2.25 icmp_seq=3 ttl=62 time=72.530 ms
84 bytes from 192.168.2.25 icmp_seq=4 ttl=62 time=63.830 ms
84 bytes from 192.168.2.25 icmp_seq=5 ttl=62 time=64.962 ms

(As of now everything is working fine. Now we are going to attack our victim, SERVER-1.)






(Now we capture the traffic with Wireshark.)




(In the capture between router-1 and router-2, router-1 receives thousands of ICMP echo requests with the victim's address as their source. Now capture the traffic between the server and the switch.)






(Here router-1 is forwarding the ICMP echo requests onto the LAN and the server starts going down. Let's look at the server.)

SERVER-1>
SERVER-1> ping 192.168.1.10
84 bytes from 192.168.1.10 icmp_seq=1 ttl=64 time=25.006 ms
queue is full
queue is full
queue is full
(... "queue is full" printed 29 times after each reply; trimmed here ...)
84 bytes from 192.168.1.10 icmp_seq=2 ttl=64 time=5.128 ms
queue is full
queue is full
queue is full
(...)
84 bytes from 192.168.1.10 icmp_seq=3 ttl=64 time=10.348 ms
queue is full
queue is full
queue is full
(...)
84 bytes from 192.168.1.10 icmp_seq=4 ttl=64 time=7.397 ms
queue is full
queue is full
queue is full
(...)
84 bytes from 192.168.1.10 icmp_seq=5 ttl=64 time=6.493 ms
queue is full
queue is full
queue is full
(...)

SERVER-1>


(When we try to ping PC1 from the server, the server's input queue is full: it is so busy receiving the reflected ICMP replies that it cannot keep up with its own traffic. Soon the server is effectively down.)


(Now the question is how to prevent a Smurf attack.)


R1(config)#ip cef
R1(config)#interface serial 4/0
R1(config-if)#no ip broadcast-address
R1(config-if)#ip verify unicast source reachable-via rx allow-default allow-self-ping
R1(config-if)#exit

(What each command does: ip verify unicast source reachable-via rx enables strict unicast Reverse Path Forwarding on the WAN interface. R1 drops any packet whose source address is not reachable back through the interface it arrived on. The attacker's packets claim to come from 192.168.1.20, and R1's route to 192.168.1.0/24 points out FastEthernet0/0, not Serial4/0, so they are discarded before they ever reach the LAN. allow-default lets sources that only match a default route pass, which does not apply here; allow-self-ping lets the router ping its own interface. uRPF requires Cisco Express Forwarding, and ip cef is a global configuration command, not an interface command, so it is entered in global config mode above. no ip broadcast-address only resets the interface's own broadcast address to the default 255.255.255.255 and has no effect on this attack. The complementary control on the LAN side is no ip directed-broadcast on FastEthernet0/0, the IOS default since 12.0, which stops R1 from turning a spoofed request into a LAN broadcast even when spoofing is not filtered. Verify with show ip interface serial 4/0 | include verify and watch the unicast RPF drop counter in show ip traffic | include RPF.)
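To make the mechanism and the fix concrete, here is an added worked example (not from the original post) that models R1 and the 192.168.1.0/24 LAN from the topology above in Python: it replays the spoofed request described earlier, counts the replies that land on the victim, and then applies the two router-side checks, strict uRPF on the WAN interface and no ip directed-broadcast on the LAN interface. Interface names, host addresses and the routing table are taken from the post; that R1 forwarded directed broadcasts during the attack is an assumption, since the post does not show that step.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

ECHO_REQUEST, ECHO_REPLY = 8, 0


@dataclass(frozen=True)
class Pkt:
    """One IPv4/ICMP packet, reduced to the fields the two checks look at."""
    in_iface: str   # interface the packet arrived on
    src: str
    dst: str
    icmp_type: int


# R1's forwarding table as configured in the post: connected networks plus the
# static route to R2's LAN (the redundant 1.0.0.0/8 static is covered by the
# connected route).
R1_ROUTES = {
    "192.168.1.0/24": "FastEthernet0/0",
    "1.0.0.0/8": "Serial4/0",
    "192.168.2.0/24": "Serial4/0",
}
R1_LAN = ipaddress.ip_network("192.168.1.0/24")   # directed broadcast: 192.168.1.255

# Hosts on R1's LAN that answer echo requests (servers and PCs from the topology).
LAN_HOSTS = ["192.168.1.20", "192.168.1.21", "192.168.1.22",
             "192.168.1.10", "192.168.1.11", "192.168.1.12", "192.168.1.13"]


def egress_iface(routes, ip):
    """Longest-prefix match: which interface would R1 use to reach ip?"""
    addr = ipaddress.ip_address(ip)
    best_len, best_iface = -1, None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def urpf_strict_ok(routes, pkt):
    """'ip verify unicast source reachable-via rx': the best route back to the
    source must leave through the interface the packet came in on."""
    return egress_iface(routes, pkt.src) == pkt.in_iface


def router_forward(pkt, urpf=False, directed_broadcast=True):
    """What R1 does with one packet arriving from the WAN.
    Returns (packets delivered onto the LAN, drop reason or None).
    directed_broadcast=True is the assumed lab state the reflection needs;
    the real IOS default since 12.0 is 'no ip directed-broadcast'."""
    if urpf and not urpf_strict_ok(R1_ROUTES, pkt):
        return [], "urpf"
    dst = ipaddress.ip_address(pkt.dst)
    if dst == R1_LAN.broadcast_address:
        if not directed_broadcast:
            return [], "directed-broadcast"
        return [pkt], None          # delivered as a LAN broadcast
    if dst in R1_LAN:
        return [pkt], None          # ordinary unicast delivery
    return [], "no-route"           # only the LAN side is modelled here


def lan_replies(pkt):
    """Echo replies the LAN hosts generate for one delivered packet. Because
    the source was spoofed, every reply is addressed to the victim."""
    if pkt.icmp_type != ECHO_REQUEST:
        return []
    if ipaddress.ip_address(pkt.dst) == R1_LAN.broadcast_address:
        responders = LAN_HOSTS
    elif pkt.dst in LAN_HOSTS:
        responders = [pkt.dst]
    else:
        return []
    return [Pkt("FastEthernet0/0", h, pkt.src, ECHO_REPLY) for h in responders]


def simulate(inbound, urpf=False, directed_broadcast=True):
    """Run packets through R1 and the LAN; return (replies per destination,
    drops per reason)."""
    replies, drops = Counter(), Counter()
    for pkt in inbound:
        delivered, reason = router_forward(pkt, urpf, directed_broadcast)
        if reason is not None:
            drops[reason] += 1
        for d in delivered:
            for r in lan_replies(d):
                replies[r.dst] += 1
    return replies, drops


def smurf_packet(victim="192.168.1.20"):
    """The attacker's packet: source spoofed to the victim, destination the
    directed broadcast of the reflecting subnet, arriving on R1's WAN side."""
    return Pkt("Serial4/0", victim, str(R1_LAN.broadcast_address), ECHO_REQUEST)


if __name__ == "__main__":
    flood = [smurf_packet()] * 1000
    print("unhardened:", simulate(flood))                          # 7000 replies hit the victim
    print("uRPF only:", simulate(flood, urpf=True))                # all 1000 dropped as spoofed
    print("no directed-broadcast only:", simulate(flood, directed_broadcast=False))
    legit = Pkt("Serial4/0", "192.168.2.25", "192.168.1.20", ECHO_REQUEST)
    print("legit ping, both controls:", simulate([legit], urpf=True, directed_broadcast=False))
```

The amplification factor is simply the number of hosts that answer the broadcast (seven here, so every spoofed packet becomes seven replies aimed at SERVER-1). Either control alone stops the reflection, but they fail differently: uRPF removes the spoofed packet at the border, while disabling directed broadcast leaves the spoof in but refuses to fan it out. A genuine ping from Kali passes both checks untouched.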

(Now we ping from the server to the PC again.)

SERVER-1> ping 192.168.1.10
84 bytes from 192.168.1.10 icmp_seq=1 ttl=64 time=13.014 ms
84 bytes from 192.168.1.10 icmp_seq=2 ttl=64 time=6.296 ms
84 bytes from 192.168.1.10 icmp_seq=3 ttl=64 time=6.508 ms
84 bytes from 192.168.1.10 icmp_seq=4 ttl=64 time=9.503 ms
84 bytes from 192.168.1.10 icmp_seq=5 ttl=64 time=6.806 ms


(As you can see, the server is working fine with no "queue is full" messages. One more thing: capture the traffic between the victim and the switch again.)







(Now our network is working fine. Thank you so much for reading.)
If you liked this blog, please visit our YouTube program.

