BigIron RX Series Configuration Guide 97753-1001986-01Chapter34Protecting Against Denial of Service AttacksIn a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normaloperation. The BigIron RX includes measures for defending against two types of DoS attacks, Smurfattacks and TCP SYN attacks.Protecting against Smurf attacksA Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMPecho (Ping) replies sent from another network. Figure 127 illustrates how a Smurf attack works.FIGURE 127 How a Smurf attack floods a victim with ICMP repliesThe attacker sends an ICMP echo request packet to the broadcast address of an intermediarynetwork. The ICMP echo request packet contains the spoofed address of a victim network as itssource. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2broadcast and sent to the hosts on the intermediary network. The hosts on the intermediarynetwork then send ICMP replies to the victim network.For each ICMP echo request packet sent by the attacker, a number of ICMP replies equal to thenumber of hosts on the intermediary network are sent to the victim. If the attacker generates alarge volume of ICMP echo request packets, and the intermediary network contains a large numberof hosts, the victim can be overwhelmed with ICMP replies.213AttackerIntermediaryVictimAttacker sends ICMP echo requests tobroadcast address on Intermediary’snetwork, spoofing Victim’s IP addressas the sourceIf Intermediary has directed broadcastforwarding enabled, ICPM echo requestsare broadcast to hosts on Intermediary’snetworkThe hosts on Intermediary’s networksend replies to Victim, inundating Victimwith ICPM packets