General Questions

Any ideas how to stop a smurf attack, our network is grinding to a halt and crashing regularly.

Thanks

I would get my upstream provider involved with getting this stopped. Something tells me that "solving" the problem at your border where you have control isn't going to do anything to reduce the load.

Very unusual (to me at least) that there are hosts/networks out there that are still exploitable this way. Are you sure it's really a smurf attack?

This is the message i get from my firewall

Denial of Service "Smurf" attack detected.
Description:
 A Smurf attack occurs when a hacker spoofs your system's IP address and then broadcasts a ping request to several subnets. The resulting deluge of ping responses ties up your system as well as the various network subnets pinged.

These are happening almost every minute. I have tried blocking all icmp traffic thru the webgui and also thru my own firewall but no joy.

Unfortunately I am not the isp account holder, the people who are seem reluctant to do anything about it, i only have access to the gui interface.

This is the message i get from my firewall

Denial of Service "Smurf" attack detected.
Description:
 A Smurf attack occurs when a hacker spoofs your system's IP address and then broadcasts a ping request to several subnets. The resulting deluge of ping responses ties up your system as well as the various network subnets pinged.

These are happening almost every minute. I have tried blocking all icmp traffic thru the webgui and also thru my own firewall but no joy.

Unfortunately I am not the isp account holder, the people who are seem reluctant to do anything about it, i only have access to the gui interface.

You get that message from m0n0wall?

The problem is, if the attacker is smurfing another ISP and causing the fake traffic to return to you, your ISP might not be able to do anything about it at first except tell the other ISP to quit it.

For now, m0n0wall isn't "ping"-able by default, so the blocking rule will help at least on the upstream end of your connection.  The downstream is probably getting saturated with constant "replies". Is your WAN IP static or dynamic?

Something else to try, old trick at least if you can.  Leave your ISP connection off overnight or just for a really long time. This will help stop the traffic at your ISP border, it might finally get their attention since the attack will affect them more now that there isn't anywhere to route those "fake" reply packets.