Class: Attack
A broadcast storm is a networking situation in which messages are broadcast on a network, and each message prompts a receiving node to respond by broadcasting its own messages on the network that in turn prompt further responses, and so on. This snowball effect can have a serious negative impact on network performance.
In Layer 2 switching, broadcast storms can arise when redundant links are used to ensure connectivity with other network switches in a (typically large) network. In this case, if no loop-avoidance system is put in place, a switch can endlessly broadcast frames throughout the network. This is because of misleading entries in a switch's MAC database.
Various technologies exist to stop loops from occurring, including Spanning Tree Protocol and vendor-proprietary solutions.
A broadcast storm can be instigated by a computer hacker in a denial-of-service (DoS) attack. Proven methods of attack include smurf.c and fraggle.c; smurf sends a large amount of ICMP Echo Request (ping) traffic to a broadcast address, with each ICMP Echo packet containing the spoofed source address of the victim host.
When the spoofed packet arrives at the destination network, all hosts on the network reply to the spoofed address, so the initial Echo Request is multiplied by the number of hosts on the network. This generates a storm of replies to the victim host, tying up network bandwidth, using up CPU resources or possibly crashing the victim. Correctly configured firewalls detect these types of attack.
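The amplification pattern described above can be recognised from packet records. The following is an added example, not code from the original page: it flags Echo Requests sent to a broadcast address that are followed by Echo Replies from many local hosts to the same claimed source. The function name, the threshold and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample records (src, dst, icmp_type); type 8 = Echo Request,
# type 0 = Echo Reply. All addresses are documentation ranges, not real hosts.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed monitored subnet
PACKETS = [
    ("198.51.100.7", "192.0.2.255", 8),   # request to the directed broadcast
    ("192.0.2.10", "198.51.100.7", 0),
    ("192.0.2.11", "198.51.100.7", 0),
    ("192.0.2.12", "198.51.100.7", 0),
    ("192.0.2.13", "198.51.100.7", 0),
    ("203.0.113.5", "192.0.2.10", 8),     # ordinary unicast ping, must not alert
    ("192.0.2.10", "203.0.113.5", 0),
]

def detect_smurf(packets, net, min_responders=3):
    """Flag sources whose broadcast Echo Requests drew replies from many hosts."""
    broadcast = {net.broadcast_address, ipaddress.ip_address("255.255.255.255")}
    requests = Counter()     # claimed source -> Echo Requests sent to broadcast
    replies = Counter()      # reply destination -> Echo Replies from local hosts
    responders = {}          # reply destination -> distinct local hosts replying
    for src, dst, icmp_type in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == 8 and d in broadcast:
            requests[src] += 1
        elif icmp_type == 0 and s in net:
            replies[dst] += 1
            responders.setdefault(dst, set()).add(src)
    alerts = []
    for victim, n_req in sorted(requests.items()):
        hosts = responders.get(victim, set())
        if len(hosts) >= min_responders:
            alerts.append({
                "victim": victim,
                "broadcast_requests": n_req,
                "responders": len(hosts),
                "amplification": replies[victim] / n_req,
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_smurf(PACKETS, LOCAL_NET):
        print(alert)
```

The amplification value is the ratio of replies reaching the victim to broadcast requests seen, which is the multiplication by host count that the text describes.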