Fraggle Attack: Definition, Damage, Defense & vs. Smurf
A Fraggle attack is similar to a Smurf attack.
These are both denial-of-service (DoS) techniques that aim to flood your system. The difference is the protocol: a Smurf attack sends Internet Control Message Protocol (ICMP) packets, whereas a Fraggle attack uses UDP. Everything else is the same.
With a Fraggle attack, the problem starts when a large amount of spoofed User Datagram Protocol (UDP) traffic arrives at your router’s broadcast address. Your server tries to respond, but the flood of packets continues. In time, your server seizes up due to the added activity.
How does a Fraggle attack work?
Plenty of companies use UDP to speed up their work and keep data flowing. If you do, you could be at risk for a Fraggle problem.
UDP speeds up communication between two systems. The systems don't need to establish formal ties or exchange credentials before the data starts flowing. The sender simply addresses packets to the recipient and transmits them.
UDP is useful when you need to send a large amount of data very quickly. Companies that use voice over IP, for example, don't want delays from authentication. They want to move as fast as possible. UDP makes that work.
A Fraggle attack harnesses UDP to overwhelm a target. Watch out for these steps that hackers often follow:
- Harvesting: Your server will be flooded by zombie computers. If you can find them, that can thwart the attack.
- Coding: Many Fraggle attacks start with a download. Attackers send this information via email, or they bury it within a website. When the download is complete, the attack can commence. Be wary of any suspect emails or downloads.
- Launch: Your system crashes as the packets come to you, seemingly from everywhere at once.
You may be under Fraggle attack if you notice:
- Unexplained crashes
- Far too much traffic coming in and little going out
- IP traffic from multiple hosts all using the same IP prefix
- Slow server performance
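Two of the signs above can be checked directly against flow records: heavy inbound traffic with little going out, and many source hosts sharing one IP prefix. The following Python sketch is an added example, not part of the original article; the protected network, the /24 grouping, the thresholds and the sample flows are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed protected network (documentation address range).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample flows, not real traffic: (source, destination, protocol, bytes)
SAMPLE_FLOWS = (
    # Eight hosts in one /24, each sending three large UDP flows inbound.
    [(f"198.51.100.{h}", "192.0.2.10", "udp", 1400) for h in range(1, 9) for _ in range(3)]
    + [
        ("192.0.2.10", "198.51.100.3", "udp", 60),     # almost nothing goes back out
        ("203.0.113.5", "192.0.2.20", "udp", 5000),    # balanced UDP peer (e.g. VoIP)
        ("192.0.2.20", "203.0.113.5", "udp", 4800),
        ("203.0.113.9", "192.0.2.10", "tcp", 90000),   # not UDP, ignored
    ]
)


def find_suspect_prefixes(flows, local_net=LOCAL_NET, prefix_len=24,
                          min_hosts=5, min_ratio=10.0):
    """Return (prefix, distinct_hosts, bytes_in, bytes_out) for each remote
    prefix with many UDP senders and far more inbound than outbound bytes."""
    hosts = defaultdict(set)
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)

    for src, dst, proto, nbytes in flows:
        if proto != "udp":
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip in local_net and src_ip not in local_net:
            # Inbound: group the sender by its prefix.
            prefix = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
            hosts[prefix].add(src_ip)
            bytes_in[prefix] += nbytes
        elif src_ip in local_net and dst_ip not in local_net:
            # Outbound: credit the reply traffic to the remote prefix.
            prefix = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
            bytes_out[prefix] += nbytes

    suspects = []
    for prefix, members in hosts.items():
        ratio = bytes_in[prefix] / max(bytes_out[prefix], 1)
        if len(members) >= min_hosts and ratio >= min_ratio:
            suspects.append((str(prefix), len(members), bytes_in[prefix], bytes_out[prefix]))
    return sorted(suspects)
```

Tune `min_hosts` and `min_ratio` against a baseline of your own traffic, since legitimate one-way UDP such as streaming can also be lopsided.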
How dangerous is a Fraggle attack?
If hackers are talented and persistent, they can take your servers down and keep them that way for months or longer.
While you try to fix the damage, the hackers could tap into other parts of your system and steal or scramble your data. A coverup like this could be even more danger