Slide 7 of 16
Notes:
- Attackers are still using “Smurf” and “Fraggle” widely, due to the powerful nature of the attack. “Fraggle” was just released in March, billed as “udpsmurf” as well.
- However, the results of the attack have been reduced greatly; what was once an average of 80 Mbps of traffic from a “Smurf” attack is now less than 4 Mbps, still overpowering a T1 or dial-up connection.
- This reduction is a result of several methods of education:
- White paper on smurf/fraggle
- http://www.quadrunner.com/~chuegen/smurf.txt
- Attacked NOCs using network flow information to mail the contacts for networks used in the attack (the “bounce sites” as described in the white paper)
- Security advisory from CERT, passed on by NASIRC, CIAC, FedCIRC
- Mailing lists