Abstract
IP address spoofing attacks are used to take control of a computer by unauthorized means: the attacker sends messages to a computer with a fake IP address, indicating that the message is coming from a trusted host. In an IP address spoofing attack through ICMP, attackers use incorrect source IP addresses in attack packets (spoofed IP packets) to hide their identity from the victim; this also reduces the risk of trace-back and helps avoid detection. In this paper, we investigate the methods adopted to perform attacks through Internet Control Message Protocol (ICMP) messages, also known as the Smurf attack. We present a comparative analysis of the various solutions to the Smurf attack.

Keywords
ICMP, Smurf Attack, IPTables, Ingress Filtering, IP Address.

I. Introduction
In IP address spoofing, Internet Protocol [1,2,5] packets are created with a forged source IP address. The main aim of spoofing is to hide the sender's identity. The attacker gains unauthorized access to a computer or network by making a malicious message appear to come from a trusted machine, spoofing that machine's address. Spoofing can be used in denial-of-service attacks, where the victim is flooded with a large volume of traffic; the attacker is not concerned with the responses to the attack packets, and packets with spoofed addresses are required for these attacks.

A Smurf attack [2-4] is a kind of denial-of-service attack that overflows the network with traffic: the target system is flooded with the help of spoofed broadcast ping messages. Attackers generally use Smurf so that the attacked part of the network cannot operate. Smurfing makes use of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). Network nodes and their administrators use ICMP to exchange information about the state of the network. ICMP is used to ping other nodes to check whether they are operating. A node that is operating sends back an echo message whenever it receives a ping message. Fig. 1 explains the working of Smurf attacks.
Fig. 1: Smurf Attack

The Smurf program forms a network packet that appears to originate from another address, that is, it spoofs an IP address. The packet contains an ICMP ping message addressed to an IP broadcast address, meaning all IP addresses within a given network. When the ping messages are sent, the responses come back to the victim's address. The flood of a large number of pings and echoes inside a network can obstruct real traffic from passing through.

A. ICMP echo attacks
When an attacker sends ICMP [3] echoes to a number of hosts in a given subnet, the replies that come back show which hosts are alive. When spoofed ICMP echo requests are sent to a number of subnets, the victim receives ICMP echo replies from every machine.

B. ICMP Redirect Attacks
ICMP redirect messages route traffic over a particular route or to a particular host that is not actually a router. This is simple, as it only requires sending a spoofed ICMP message that appears to come from the host's gateway. Fig. 2(a) and Fig. 2(b) depict the process.

Fig. 2(a): ICMP Redirect Attack
Fig. 2(b): ICMP Redirect Attack

C. ICMP Destination unreachable attacks
Gateways use the ICMP Destination Unreachable message to indicate that a datagram was not delivered. This can be used to cut some of the nodes off from a network. It is also a denial-of-service attack. Fig. 3 shows the destination unreachable attack.

Fig. 3: ICMP Destination Unreachable Attack

Smurf Attacks: Attacks using ICMP
1 Kavita Choudhary, 2 Meenakshi, 3 Shilpa
1,2,3 ITM University, Gurgaon, Haryana, India
INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 75
ISSN : 2229-4333(Print) | ISSN : 0976-8491(Online) www.ijcst.com
IJCST VOL. 2, ISSUE 1, MARCH 2011
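
The Smurf pattern described in the Introduction and in section A (an echo request to a broadcast address with a forged source, then echo replies converging on that source) can be recognised in packet records from both the amplifying network and the victim. The following is an added example, not code from the paper; the record layout `(time, src, dst, icmp_type)`, the function names, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed sample records: (time_s, src, dst, icmp_type); documentation ranges.
SAMPLE = [
    (0.00, "198.51.100.7", "192.0.2.255", 8),  # forged source = victim
    (0.01, "192.0.2.10", "198.51.100.7", 0),
    (0.01, "192.0.2.11", "198.51.100.7", 0),
    (0.02, "192.0.2.12", "198.51.100.7", 0),
    (0.02, "192.0.2.13", "198.51.100.7", 0),
    (5.00, "192.0.2.10", "203.0.113.5", 8),    # ordinary ping ...
    (5.03, "203.0.113.5", "192.0.2.10", 0),    # ... and its solicited reply
]

def broadcast_pings(packets, local_nets):
    """Amplifier side: echo requests addressed to a local subnet's broadcast
    address. Returns (claimed_source, broadcast_dst); the claimed source is
    where the replies will converge, i.e. the probable victim."""
    bcasts = {str(ipaddress.ip_network(n).broadcast_address) for n in local_nets}
    return [(src, dst) for _, src, dst, typ in packets
            if typ == ECHO_REQUEST and dst in bcasts]

def unsolicited_reply_floods(packets, threshold=3, window=1.0):
    """Victim side: hosts that receive echo replies from at least `threshold`
    distinct senders they never pinged, within `window` seconds.
    Returns {host: largest responder count seen in one window}."""
    pinged = defaultdict(set)    # host -> destinations it sent requests to
    replies = defaultdict(list)  # host -> [(time, responder)] with no matching request
    for ts, src, dst, typ in sorted(packets):
        if typ == ECHO_REQUEST:
            pinged[src].add(dst)
        elif typ == ECHO_REPLY and src not in pinged[dst]:
            replies[dst].append((ts, src))
    flooded = {}
    for host, events in replies.items():
        for i, (start, _) in enumerate(events):
            responders = {r for t, r in events[i:] if t - start <= window}
            if len(responders) >= threshold:
                flooded[host] = max(flooded.get(host, 0), len(responders))
    return flooded

if __name__ == "__main__":
    print(broadcast_pings(SAMPLE, ["192.0.2.0/24"]))
    print(unsolicited_reply_floods(SAMPLE))
```

A host that itself pings a broadcast address would also be reported by the second check, because the replies arrive from unicast addresses it never named in a request.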