Author Topic: Smurf Attack and Fraggle Attack..?  (Read 1216 times)


  • Green Belt
  • *****
  • Posts: 216
  • Karma: +0/-0
Smurf Attack and Fraggle Attack..?
« on: October 04, 2013, 07:58:53 AM »
Smurf Attack and Fraggle Attack...?

The "smurf" attack, named after its exploit program, causes Denial of Service in a network. The two main components to the smurf denial-of-service attack are the use of forged ICMP echo request packets and the direction of packets to IP broadcast addresses. When smurfing, an attacker sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet.

A similar attack to the "smurf" attack is called "fraggle" attack, which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf". Fraggle uses User Datagram Protocol (UDP) echo packets directed at the Unix UDP services echo (port 7), chargen (port 19), daytime (port13) and qotd (port 17).

For both the SMURF attack and the Fraggle attack, there are three parties in these attacks: the attacker, the intermediary, and the victim (note that the intermediary can also be a victim). In other words, you can be affected in one of several ways:

As a victim or target of the attack
As a network which is abused to amplify the attack
As a party harboring the instigator of the attack
Both the intermediary and victim of this attack may suffer degraded network performance both on their internal network or on their connection to the Internet. Performance may be degraded to the point that the network cannot be used.

Attackers have developed automated tools that enable them to send these attacks to multiple intermediaries at the same time, causing all of the intermediaries to direct their responses to the same victim. Attackers have also developed tools to look for network routers that do not filter broadcast traffic and networks where multiple hosts respond. These networks can the subsequently be used as intermediaries in attacks.