Brute force
But why should your enemies worry about sneaking in the back windows when they can simply bulldoze your systems? That's the approach that the Smurf attack and the User Datagram Protocol (UDP) flood use.
When you're Smurfed, your enemy floods your router with Internet Control Message Protocol (ICMP) echo request packets--a special kind of ping packet. Each packet's destination IP address is also your broadcast address, which causes your router to broadcast the ICMP packets to all your network's hosts. Needless to say, with a large network, this quickly leads to an electronic traffic jam of mammoth proportions. And as with the Land attack, if the cracker combines Smurfing with spoofing, matters get even worse.
The simple way to avoid Smurfing is to turn off broadcast addressing at your router and set your firewall to block ICMP echo requests. You may also be able to set your server so it won't respond to requests to send ICMP packets to IP broadcast addresses. These changes won't interfere with your network's normal operations because few applications need IP's broadcast features.
It's not as easy to deal with UDP flood DoS attacks, since some legal applications, like RealVideo, use UDP. In a UDP flood, an attacker spoofs a call to connect one system's UDP chargen service, a test program that generates characters for received packets, with another system's UDP echo service. The result? Chargen's semi-random characters are reflected back and forth between systems, starving legitimate applications' bandwidth needs.
One way to prevent UDP attacks is to disable or filter all UDP services request for your host. As long as you allow non-service UDP requests, normal applications that require UDP or use it as a backup data transport protocol will continue to work normally.
