• DocumentCode
    3355167
  • Title

    Can Microsoft's Service Pack2 (SP2) Security Software Prevent SMURF Attacks?

  • Author

    Kumar, Sudhakar ; Azad, M. ; Gomez, O. ; Valdez, R.

  • Author_Institution
    University of Texas-Pan American, Edinburg, Texas
  • fYear
    2006
  • fDate
    19-25 Feb. 2006
  • Firstpage
    89
  • Lastpage
    89
  • Abstract
    DDoS flooding attacks are quite popular with hackers and they can cause devastating impact on computer systems. Smurf attack is a type of flooding attack that involves ICMP protocol, which is known to have brought down high profile commercial websites. A computer system running Microsoft’s Windows-XP with Service Pack2 (SP2) security software is designed to drop ICMP packets by default, which makes one believe that ICMP-based flooding attacks cannot harm a computer system that deploys SP2 security software. In this experimental paper, we set out to test and measure the effectiveness of the Microsoft Windows-XP with SP2 security software in protecting a computer system from ICMP-based flooding attacks in fast Ethernet environment. We simulate Smurf attacks on a computer system in the controlled lab environment. In these experiments, we measure the exhaustion of computing resource of a computer system with and without Windows-XP SP2 security software. It is observed that under Smurf attack, the victim computer deploying SP2 security software dropped all ICMP messages; nevertheless, the exhaustion of the processor resource of the computer running the SP2 security-software couldn’t be stopped. Furthermore, it was found interestingly that the exhaustion of the processor resource of the computer system running the SP2 security was much higher than that of the computer system that didn’t deploy SP2 security software. These experiments show that dropping of ICMP messages by SP2-security software at the victim computer is too late of an act in preventing the adverse effect of the Smurf attack. Once the attack traffic reaches the victim computer, SP2 security software is ineffective in preventing the resource exhaustion caused by the attack, even if it is configured to drop the ICMP messages.
  • Keywords
    Computer hacking; Computer security; Ethernet networks; Floods; Protection; Protocols; Software design; Software measurement; Software testing; System testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Telecommunications, 2006. AICT-ICIW '06. International Conference on Internet and Web Applications and Services/Advanced International Conference on
  • Conference_Location
    Guadeloupe, French Caribbean
  • Print_ISBN
    0-7695-2522-9
  • Type

    conf

  • DOI
    10.1109/AICT-ICIW.2006.60
  • Filename
    1602221