Smurf DDoS attack:❗️ How it works and how to mitigate

Smurf Attack Scenario

It looks very close to ping attacks considering the manner of execution. However, there is a difference in the target feature that is exploited. Generally, the attacker sends a ping (ICMP echo) and rides on the automated server-host response. This is done at a bandwidth larger than the predetermined coverage of the targeted server.

  1. The attacking malware — SMURF — is used to create fake pings. This ping definitely needs a source. The attacker uses a fake source — that is, they engineer a new source under the guise of legitimacy.
  2. The generated ping is sent to a network by which an IP broadcasts packets. This serves as an intermediary.
  3. This network naturally transmits to all the devices on its radar.
  4. As expected of a normal host-server response, all the networks send a response to the faked address.
  5. When too many simultaneous responses are sent to the server in question. It is, therefore, unable to function.

Types of Smurfs DDoS Attacks

They are classified based on how sophisticated their execution is. Considering this, two types exist; the basic and the advanced attacks.

How to Mitigate Smurf DDoS Attack?

Surprisingly for those interested in how to stop Smurf attacks, it does not require any complicated or flashy move. It works by a combined function of filtering between pings (ICMP packet requests) and an over-provisioning method. The combination of this allows administrators to identify possible requests from spoofed sources and erase them without interfering with the normal functions of the server in question.

  1. Immediately restrict the attacked structure or server from getting requests from any broadcast framework. This automatically allows the server to have time to get rid of the load.
  2. After this, you have to re-program the hosts not to answer the perceived threatening requests.


Overall standard network security protocols may or may not be effective against these attacks. However, as an administrator, it is important that you put the necessary oversight mechanism to prevent such occurrence.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ivan Novikov

Ivan Novikov

CEO at Wallarm. Application security platform to prevent threats and discover vulnerabilities in a real-time.