A Smurf attack is a type of distributed denial-of-service (DDoS) attack that exploits vulnerabilities in the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). In a Smurf attack, the attacker sends a large number of ICMP packets with a spoofed source IP address to a computer network using an IP broadcast address. The steps involved in a Smurf attack are:
- The attacker creates a network packet carrying a false source IP address, a technique known as "spoofing".
- Inside the packet is an ICMP ping message, asking network nodes that receive the packet to send back a reply.
- These replies, or "echoes," are then sent back to network IP addresses again, setting up an infinite loop.
When combined with IP broadcasting, which sends the malicious packet to every IP address in a network, the Smurf attack can quickly cause a complete denial of service. The name "Smurf" comes from the idea of very small, but numerous attackers overwhelming a much larger opponent.
Smurf attacks were prevalent in the late 1990s, but today, administrators can make a network immune to such abuse, and very few networks remain vulnerable to Smurf attacks. However, an advanced Smurf attack can configure sources to respond to additional third-party victims, enabling attackers to target multiple victims.
To execute a successful Smurf attack, cybercriminals need DDoS.Smurf malware, a spoofed IP address that routes back to the Smurf attack victim, and ICMP packets that overwhelm the victim's network. To strengthen router security, manufacturers have disabled default ICMP Echo Replies or made these settings configurable.
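For defenders, the traffic pattern described above can be recognised in packet or flow records. The following is an added example, not part of the original page: it flags ICMP echo requests addressed to a monitored network's broadcast address and lists hosts receiving echo replies they never requested. The record format, the monitored network `192.0.2.0/24`, the threshold and the sample data are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # standard ICMP type numbers

# Constructed sample records in time order: (source, destination, ICMP type).
SAMPLE = [
    ("198.51.100.7", "192.0.2.20", ECHO_REQUEST),   # ordinary unicast ping
    ("192.0.2.20", "198.51.100.7", ECHO_REPLY),     # its matching reply
    ("203.0.113.10", "192.0.2.255", ECHO_REQUEST),  # request to broadcast address
    ("192.0.2.11", "203.0.113.10", ECHO_REPLY),     # every node answers the
    ("192.0.2.12", "203.0.113.10", ECHO_REPLY),     # address named as source
    ("192.0.2.13", "203.0.113.10", ECHO_REPLY),
]
MONITORED_NETS = ["192.0.2.0/24"]  # assumed network under observation


def find_smurf_indicators(records, nets, min_repliers=3):
    """Return (broadcast_requests, flooded_hosts) seen in the records.

    broadcast_requests: echo requests sent to a monitored broadcast address.
    flooded_hosts: destination -> sorted senders of unsolicited echo replies,
    kept only when at least min_repliers distinct hosts replied.
    """
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in nets}
    broadcast_requests = []
    solicited = set()            # (requester, target) pairs from unicast pings
    repliers = defaultdict(set)  # reply destination -> unsolicited senders
    for src, dst, icmp_type in records:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == ECHO_REQUEST:
            if d in broadcasts:
                broadcast_requests.append((src, dst))
            else:
                solicited.add((s, d))
        elif icmp_type == ECHO_REPLY and (d, s) not in solicited:
            repliers[dst].add(src)
    flooded = {host: sorted(senders) for host, senders in repliers.items()
               if len(senders) >= min_repliers}
    return broadcast_requests, flooded


if __name__ == "__main__":
    requests, flooded = find_smurf_indicators(SAMPLE, MONITORED_NETS)
    print("Echo requests to broadcast:", requests)
    print("Hosts receiving unsolicited replies:", flooded)
```

A non-empty first result means the monitored network is still answering broadcast pings and can be used as an amplifier; a non-empty second result identifies the host on the receiving end of the replies.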