The problem is that for a router to send magic WOL packets to your network, you need either: 1.an external router interface for generating and sending magic WOL packets, or 2.manual enabling of a static route or directed broadcast. Many (most?) low-end routers don't have that capability because of the risk of smurf denial of service attacks.
WHAT IS A SMURF ATTACK?
The smurf attack is a way of generating a lot of computer network traffic to a victim site. That is, it is a type of denial-of-service attack. Specifically, it floods a target system via spoofed broadcast ping messages.
In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.
Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain vulnerable to smurf attacks.
The fix is twofold:
Configure individual hosts and routers not to respond to ping requests to broadcast addresses, and Configure routers not to forward packets directed to broadcast addresses.
Another proposed solution, to fix this as well as other problems, is network ingress filtering which rejects the attacking packets on the basis of the forged source address.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment