|•This is a diagram of a “Smurf” or “Fraggle”
|•The single stream from the perpetrator to the
broadcast LANrepresents the flow of information from the perpetrator to the
broadcast LAN, usually several packets per second of ICMP echo (“Smurf”) or
UDP echo (“Fraggle”) traffic spoofed to look like it is coming from the
|•If the router at the edge of the LAN forwards
the broadcast ping to the LAN, each device on the LAN will respond with an
echo-reply (ICMP) or will bounce the traffic (UDP), creating a multiplication
of the original traffic flow. The
traffic is then directed to the victim.
|•There are usually several bounce sites
involved, used to increase the factor by which traffic is multiplied.
|•This attack is characterized by many ICMP echo
reply packets at the victim’s site or many UDP packets involving the
diagnostic “echo” port.