0

I have a question regarding the Smurf Attack described in the following CISCO article:

http://www.cisco.com/c/en/us/about/security-center/guide-ddos-defense.html#9

In a smurf attack, an attacker broadcasts a large number of ICMP packets with the victim's spoofed source IP to a network using an IP broadcast address. This causes devices in the network to respond by sending a reply to the source IP address.

Now, looking at the picture in the article, I assume the "attacker" is sending ICMP packets with the victim's spoofed source IP to a network (it might be any network, right?) using an IP broadcast address. I also assume that the "victim" host is on a completely different network, hence my question is where to configure no ip directed-broadcast? If the echo replies are sent back from the network we sent the ICMP packets to, each system on that network will have its corresponding IP set as the src address and the destination will be the victim's IP. So how does this protect the victim?

cyzczy

1 Answer

1

You are the "attacker", not the victim

In the described scenario, it protects your systems from being used to attack some third-party victim. If everybody does this, this also helps potential victims indirectly by making this attack ineffective or hard to perform.

Peteris
  • Yes, this is what I was thinking. But in fact, I guess receiving such broadcast packets may harm / slow down my network as well, so I think implementing this would be beneficial for my network as well, correct? – cyzczy Jan 09 '17 at 15:02
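
Added example (not part of the original question, answer, or the Cisco article): since the setting belongs on the routers of the network that would otherwise act as the amplifier, a defender can audit their own router configs for interfaces that still forward directed broadcasts. The sample config, the function name `audit_directed_broadcast` and the `default_enabled` parameter are constructed for illustration; the default of "disabled unless stated" is an assumption that matches Cisco IOS 12.0 and later.

```python
import ipaddress
import re

# Constructed sample running-config (documentation address ranges only).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.128
 no ip directed-broadcast
!
interface GigabitEthernet0/2
 ip address 203.0.113.1 255.255.255.240
!
"""

def audit_directed_broadcast(config, default_enabled=False):
    """Return [(interface, subnet_broadcast_address, acl_or_None)] for every
    interface that would forward directed broadcasts onto its subnet.

    default_enabled: what applies when an interface has no explicit line.
    Assumption: False (IOS 12.0+); pass True when auditing older images.
    """
    findings = []
    name, net, enabled, acl = None, None, default_enabled, None

    def flush():
        # Record the interface just parsed if it has a subnet and is exposed.
        if name and net and enabled:
            findings.append((name, str(net.broadcast_address), acl))

    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            flush()
            name, net, enabled, acl = m.group(1), None, default_enabled, None
        elif m := re.match(r"\s+ip address (\S+) (\S+)\s*$", line):
            # strict=False: the config holds a host address, not the network.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"\s+(no )?ip directed-broadcast(?:\s+(\S+))?", line):
            # Optional trailing token is an access list restricting the feature.
            enabled, acl = m.group(1) is None, m.group(2)
    flush()
    return findings

if __name__ == "__main__":
    for iface, bcast, acl in audit_directed_broadcast(SAMPLE_CONFIG):
        print(f"{iface}: forwards directed broadcasts to {bcast} (acl={acl})")
```

Each reported interface is one where `no ip directed-broadcast` should be applied, which is the change the answer describes.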