A type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's T-1 (or even T-3) line with PING replies, bringing the entire Internet service to its knees.
A broadcast-based attack named after the original program created to launch this exploit. SMURF creates high levels of network traffic by sending broadcast ping packets to a network with a large number of hosts (say 500 or more). The reply IP address of the ping request is set to that of a victim's host. As all the hosts try to respond simultaneously, the victim's host suffers a denial of service.
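The traffic pattern described in both definitions, seen from the defender's side, as an added example that is not part of the original page: one check flags echo requests aimed at a local subnet's broadcast address (the subnet is being used as an amplifier), the other flags hosts receiving echo replies from senders they never pinged (the victim). The packet record fields, function names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def amplifier_probes(packets, local_nets):
    """Echo requests addressed to the broadcast address of a local subnet."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    return [p for p in packets
            if p["type"] == ECHO_REQUEST
            and ipaddress.ip_address(p["dst"]) in broadcasts]

def reply_flood_victims(packets, min_sources):
    """Hosts that got echo replies from >= min_sources senders they never pinged.

    Packets are assumed to be in time order. A spoofed request to a broadcast
    address does not excuse the replies: they come from individual hosts,
    none of which the apparent sender addressed directly.
    """
    asked = defaultdict(set)        # host -> destinations it sent requests to
    unsolicited = defaultdict(set)  # host -> senders of unrequested replies
    for p in packets:
        if p["type"] == ECHO_REQUEST:
            asked[p["src"]].add(p["dst"])
        elif p["type"] == ECHO_REPLY and p["src"] not in asked[p["dst"]]:
            unsolicited[p["dst"]].add(p["src"])
    return {h: len(s) for h, s in unsolicited.items() if len(s) >= min_sources}

# Constructed sample capture (not real traffic).
VICTIM = "198.51.100.7"
SAMPLE = [
    # Ordinary ping and its reply: should not be flagged.
    {"src": "203.0.113.5", "dst": "192.0.2.10", "type": ECHO_REQUEST},
    {"src": "192.0.2.10", "dst": "203.0.113.5", "type": ECHO_REPLY},
    # Request to the subnet broadcast address with the victim as source.
    {"src": VICTIM, "dst": "192.0.2.255", "type": ECHO_REQUEST},
] + [
    # Every host on the subnet answers the victim.
    {"src": f"192.0.2.{i}", "dst": VICTIM, "type": ECHO_REPLY}
    for i in range(1, 6)
]

if __name__ == "__main__":
    for p in amplifier_probes(SAMPLE, ["192.0.2.0/24"]):
        print("broadcast echo request, claimed source:", p["src"])
    for host, n in reply_flood_victims(SAMPLE, min_sources=3).items():
        print(f"{host} received unsolicited echo replies from {n} hosts")
```

The claimed source on a flagged broadcast request is the spoofed victim address, not the real sender, so it identifies who is being targeted rather than who to block.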