“Smurf” and “Fraggle” trend

• Smurf attacks are still “in style” for attackers - Fraggle released March ‘98

• Significant advances made in reducing the effects

  Education campaigns through the use of a white paper and other education by NOCs has reduced the average “smurf” or “fraggle” attack from 80 Mbits/sec to less than 5 Mbits/sec
  

• Most attacks can still inundate a T1 link

Previous slide

Next slide

Back to first slide

View graphic version

• Attackers are still using “Smurf” and “Fraggle” widely, due to the powerful nature of the attack. “Fraggle” was just released in March, billed as “udpsmurf” as well.

• However, the results of the attack have been reduced greatly; what was once an average of 80 Mbps of traffic from a “Smurf” attack is now less than 4 Mbps, still overpowering a T1 or dial-up connection.

• This reduction is a result of several methods of education:
  • White paper on smurf/fraggle
    • http://www.quadrunner.com/~chuegen/smurf.txt
  • Attacked NOCs using network flow information to mail the contacts for networks used in the attack (the “bounce sites” as described in the white paper)
  • Security advisory from CERT, passed on by NASIRC, CIAC, FedCIRC
  • Mailing lists