“Smurf” and “Fraggle” trend
Smurf attacks are still “in style” for attackers - Fraggle released March ‘98
Significant advances made in reducing the effects
Education campaigns through the use of a white paper and other education by NOCs has reduced the average “smurf” or “fraggle” attack from 80 Mbits/sec to less than 5 Mbits/sec
Most attacks can still inundate a T1 link
Notes:
- Attackers are still using “Smurf” and “Fraggle” widely, due to the powerful nature of the attack. “Fraggle” was just released in March, billed as “udpsmurf” as well.
- However, the results of the attack have been reduced greatly; what was once an average of 80 Mbps of traffic from a “Smurf” attack is now less than 4 Mbps, still overpowering a T1 or dial-up connection.
- This reduction is a result of several methods of education:
- White paper on smurf/fraggle
- http://www.quadrunner.com/~chuegen/smurf.txt
- Attacked NOCs using network flow information to mail the contacts for networks used in the attack (the “bounce sites” as described in the white paper)
- Security advisory from CERT, passed on by NASIRC, CIAC, FedCIRC
- Mailing lists