Author: Benjamin D. Thomas
By: Suhas A Desai
“Smurf” is the name of an automated program that attacks a network
by exploiting IP broadcast addressing. Smurf and similar programs
can cause the attacked part of a network to become “inoperable.”
Network nodes and their administrators to exchange information about
the state of the network use ICMP.
A smurf program builds a network packet with a spoofed victim
source address. The packet contains an ICMP ping message addressed
to an IP broadcast address, meaning all IP addresses in a given
network. If the routing device delivering traffic to those
broadcast addresses performs the IP broadcast to layer 2 broadcast
function, most hosts on that IP network will reply to it with an
ICMP echo reply each. The echo responses to the ping message are
sent back to the victim address. Enough pings and resultant echoes
can flood the network making it unusable for real traffic.
A related attack is called “fraggle”, simple re-write of smurf; uses
UDP echo packets in the same fashion as the ICMP echo packets. The
intermediary (broadcast) devices, and the spoofed victim are both hurt
by this attack. The attackers rely on the ability to source spoofed
packets to the “amplifiers” in order to generate the traffic which
causes the denial of service.
In order to stop this, all networks should perform filtering either
at the edge of the network where customers connect (access layer) or
at the edge of the network with connections to the upstream providers,
in order to defeat the possibility of source address spoofed packets
from entering from downstream networks, or leaving for upstream
networks.
One way to defeat smurfing is to disable IP broadcast addressing at
each network router since it is seldom used.
READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/120225/49/
LinuxSecurity.com
Feature Extras:
Linux File
& Directory Permissions Mistakes – One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this article,
so I’ll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you’d like a refresher, one is available right here on linuxsecurity.com.Introduction:
Buffer Overflow Vulnerabilities – Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.Getting
to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.
Debian | ||
Debian: New proftpd packages fix format string vulnerability |
||
1st, September, 2005
|
||
Debian: New sqwebmail packages fix cross-site scripting |
||
1st, September, 2005
|
||
Debian: New Mozilla Firefox packages fix several vulnerabilities |
||
1st, September, 2005
|
||
Debian: New polygen packages fix denial of service |
||
1st, September, 2005
|
||
Debian: New affix packages fix remote command execution |
||
1st, September, 2005
|
||
Debian: New zsync packages fix DOS | ||
1st, September, 2005
|
||
Debian: New phproupware packages fix several vulnerabilities |
||
2nd, September, 2005
|
||
Debian: New webcalendar packages fix remote code execution |
||
2nd, September, 2005
|
||
Debian: New pcre3 packages fix arbitrary code execution |
||
2nd, September, 2005
|
||
Debian: Updated i386 proftpd packages fix format string vulnerability |
||
2nd, September, 2005
|
||
Debian: New ntp packages fix group id confusion |
||
5th, September, 2005
|
||
Debian: New cvs packages fix insecure temporary files |
||
7th, September, 2005
|
||
Debian: New Apache packages fix HTTP request smuggling |
||
8th, September, 2005
|
||
Debian: New kdelibs packages fix backup file information leak |
||
8th, September, 2005
|
||
Fedora | ||
Fedora Core 4 Update: evince-0.4.0-1.2 | ||
1st, September, 2005
|
||
Fedora Core 4 Update: openmotif-2.2.3-10.FC4.1 | ||
2nd, September, 2005
|
||
Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.12 | ||
2nd, September, 2005
|
||
Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.45 | ||
2nd, September, 2005
|
||
Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.12 | ||
2nd, September, 2005
|
||
Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.14 | ||
2nd, September, 2005
|
||
Fedora Core 4 Update: lockdev-1.0.1-7.1 | ||
2nd, September, 2005
|
||
Fedora Core 3 Update: perl-Compress-Zlib-1.37-1.fc3 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: perl-Compress-Zlib-1.37-1.fc4 | ||
6th, September, 2005
|
||
Fedora Core 3 Update: perl-DBI-1.40-6.fc3 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: termcap-5.4-6 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: ckermit-8.0.211-3.FC4 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: kdegraphics-3.4.2-0.fc4.2 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: squid-2.5.STABLE9-8 | ||
6th, September, 2005
|
||
Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.7 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: pam-0.79-9.5 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: setup-2.5.44-1.1 | ||
6th, September, 2005
|
||
Fedora Core 4 Update: tar-1.15.1-10.FC4 | ||
7th, September, 2005
|
||
Fedora Core 3 Update: openssh-3.9p1-8.0.3 | ||
7th, September, 2005
|
||
Fedora Core 4 Update: tzdata-2005m-1.fc4 | ||
7th, September, 2005
|
||
Fedora Core 3 Update: tzdata-2005m-1.fc3 | ||
7th, September, 2005
|
||
Fedora Core 4 Update: httpd-2.0.54-10.2 | ||
7th, September, 2005
|
||
Fedora Core 3 Update: httpd-2.0.53-3.3 | ||
7th, September, 2005
|
||
Gentoo | ||
Gentoo: MPlayer Heap overflow in ad_pcm.c | ||
1st, September, 2005
|
||
Gentoo: Gnumeric Heap overflow in the included PCRE library |
||
3rd, September, 2005
|
||
Gentoo: OpenTTD Format string vulnerabilities | ||
5th, September, 2005
|
||
Gentoo: phpLDAPadmin Authentication bypass | ||
6th, September, 2005
|
||
Gentoo: Net-SNMP Insecure RPATH | ||
6th, September, 2005
|
||
Gentoo: Squid Denial of Service vulnerabilities | ||
7th, September, 2005
|
||
Red Hat |
||
RedHat: Important: httpd security update | ||
6th, September, 2005
|
||
RedHat: Low: cvs security update | ||
6th, September, 2005
|
||
Category:
- Security