Unfortunately, there is no way you can completely protect your network against Smurf attacks.

You can, however, stop your network from being an amplifier by not allowing broadcast packets into your network:

  • Deny spoofed IP packets.
  • Stop ICMP replies from entering your network.

These countermeasures will protect your LAN but not its connection to the Internet. Raw power at your ISP and a Service Level Agreement (SLA) with your ISP is the best defense for your Internet connection.