Sorry if this is a duplicate -- webmail burped... SMURF: use an intermediary to flood your victim. Spoof the victim's address and send an ICMP Ping (Echo Request) to a subnet broadcast address. Each device on the subnet will respond back to what they think is the sender (the victim) with an ICMP ECHO Reply, flooding the victim.
LAND: set the source and destination IP address (on any packet) both to the victim's IP address. This used to kill some machines a long time ago (they'd try to send a response to themselves, and either burn a lot of cycles or end up in a nice tight death spiral). Spoof: really a technique used in an attack, rather than an attack in itself. The idea is to use a different IP address than the one assigned to your computer in the source address field of an IP packet you send. So both LAND and SMURF use spoofing. Another example would be the typical TCP SYN Flood: send a TCP SYN to the victim with a faked IP address (preferably one that was not assigned, or would not respond). The victim allocates a bunch of memory, sends back a SYN-ACK, and waits for the ACK that never comes. LAND isn't particularly effective anymore. SMURF and SYN-Flood are still, because there are lots of machines/subnets out there that will participate in the attacks. Multiply a SMURF/SYNFlood by several million, mix well, instant DoS. Multiply by a thousand slaves, and you have a DDoS. ============================================== Hi list, Can someone give the EXACT differences btw SMURF LAND and IP soofing attacks. karpagamekapalidurgau ___________________________ __________________________________________________________ Outgrown your current e-mail service? Get 25MB Storage, POP3 Access, Advanced Spam protection with LYCOS MAIL PLUS. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
