Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
OK OK
i thought I'd seen it all
or at least most of it
In my snort logs I get
Cyberkit, Nmap, Ip spoofing,MS SQL worms etc etc you name it
but what the hell is a broadscan smurf scanner
is this something new or what
are little blue guys ( the smurfs ) trying to crack my system
who are these morons and why arent they locked up in a rubber room
The smurf attack is a type of DoS attack, described here. I'd imaging this smurf scanner is scanning for vulnerabilities that allow someone to use the attack.
Quote:
who are these morons and why arent they locked up in a rubber room
They are invariably 15yr olds with far too much time on their hands, playing tit-for-tat against their "friends" on IRC somewhere. In this endeavour, recall neal stephenson: "Arguing with anonymous strangers on the Internet is a sucker's game because they almost always turn out to be - or to be indistinguishable from - self-righteous sixteen-year-olds possessing infinite amounts of free time."
A Smurf attack is a pretty well known DoS attack. It involves sending a ping to the broadcast address of a network. The catch is that the source address is spoofed to that of the target host, so that all the echo reply traffic from each host on the network that responds to broadcast pings will be sent to the target host instead of the attacker, so the initial packet is amplified by the number of hosts on the network. You should have your systems configured so that they do not respond to pings of the broadcast address or at the very minimum filter this kind of traffic at the border router/firewall. The alert is likely telling you that someone was attempting to identify whether your system/network responds to these kinds of packets and can be used as a smurf "amplifier". This attack is a well documented type of DoS, so you can find detailed info using a google search.
----EDIT---
or just follow the linkage christhom posted.
Last edited by Capt_Caveman; 10-10-2004 at 11:29 AM.
the Smoothie is set to drop pings, ICMPs, etc etc - its just driving snort crazy
will check out those links
and yes looking at the firewall logs there are a lot of 15 yr olds with way too much time on their hands
thanks again
floppy
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
little blue men ??
