The Smurf attack works in two stages and paralyzes two networks at once. In the first step a ping (ICMP echo request) packet with a fake sender address is sent to the broadcast address of the first network. Now all workstations in this network respond with an ICMP echo reply to the fake sender address, which is located in the second network. If the rate of the incoming echo requests and the number of responding computers is high enough, the entire incoming traffic of the second network is blocked for the duration of the attack and, furthermore, the owner of the fake address is unable to accept normal data for this time. If the fake sender address is also the broadcast address of the second network, then all of the computers in this network are blocked as well.
In this case, DoS detection in the device blocks packets that are directed to the local broadcast address.
