Slide 6 of 16
- This is a diagram of a “Smurf” or “Fraggle” attack.
- The single stream from the perpetrator to the broadcast LANrepresents the flow of information from the perpetrator to the broadcast LAN, usually several packets per second of ICMP echo (“Smurf”) or UDP echo (“Fraggle”) traffic spoofed to look like it is coming from the victim’s system.
- If the router at the edge of the LAN forwards the broadcast ping to the LAN, each device on the LAN will respond with an echo-reply (ICMP) or will bounce the traffic (UDP), creating a multiplication of the original traffic flow. The traffic is then directed to the victim.
- There are usually several bounce sites involved, used to increase the factor by which traffic is multiplied.
- This attack is characterized by many ICMP echo reply packets at the victim’s site or many UDP packets involving the diagnostic “echo” port.