An attacker sends an ICMP request with a destination IP address whose host portion is a multicast IP address, all 1s, or all 0s. which leads to all hosts or specified hosts on the attacked network responding to the ICMP request. Thus, the network crashes or hosts break down.
In a Smurf attack, an attacker uses the target's IP address to send ICMP request packets where the host portion of the destination address is a multicast IP address, all 1s or 0s. As a result, all hosts on the network send ICMP reply packets to the target, which leads to the target becoming too busy to respond and links to be congested.
The Smurf attack defense function checks whether an ICMP request packet is destined for addresses on the subnet where the host portion is a multicast IP address, all 1s or 0s. If so, the packet is discarded.