Craig A. Huegen <chuegen@cisco.com>
Network-Based Denial of Service Attacks
SANS ‘98 5
“Smurf” and “Fraggle”
•Very dangerous
attacks
Network-based,
fills access pipes
Uses ICMP
echo/reply (smurf) or UDP echo (fraggle) packets
with broadcast networks to multiply traffic
Requires the
ability to send spoofed packets
•Abuses
“bounce-sites” to attack victims
Traffic
multiplied by a factor of 50 to 200
Low-bandwidth
source can kill high-bandwidth connections
•Similar
to ping flooding, UDP flooding but more dangerous
due to traffic multiplication