Distributed denial-of-service attacks are a big problem for organizations of all sizes. But not all DDoS attacks are the same. Understanding the different types of DDoS attacks is important for performing effective mitigation. This article focuses on Smurf – and related Fraggle – attacks, which are one technique hackers have in their arsenal to target companies.
With a Smurf attack, perpetrators broadcast large numbers of spoofed Internet Control Message Protocol (ICMP) packets to a computer network using an IP broadcast address. A Fraggle attack uses spoofed User Datagram Protocol (UDP) traffic rather than ICMP traffic.
1. A successful Smurf or Fraggle attack can cripple your servers for hours, or even days.
The risks of any DDoS attack are well understood, but they can be devastating to a business. If a Smurf or Fraggle DDoS attack does succeed, it can take your company servers down for a significant period of time – hours or even days. This interruption to business can result in lost revenue, frustrated customers and harm to your business’s reputation.
2. A Smurf or Fraggle attack could be a cover-up for something much worse.
There are many reasons perpetrators target systems. In some cases, denial of service may be the end goal. But this kind of attack can also be used to cover up other, more nefarious activities, such as theft of toxic data. If you get hit by a Smurf or Fraggle attack, you want to detect and stop it immediately, but you also want to look for evidence of any other unwanted behavior on the network.
3. Users could download a Smurf or Fraggle Trojan.
Users could inadvertently download a Smurf or Fraggle Trojan from an unverified website or an infected email link. Preventing your systems from communicating with systems on a blacklist can help eliminate one point of entry for attackers.
4. There are two types of Smurf and Fraggle victims.
In addition to the network targeted by the traffic surge, attackers find helper or intermediary networks to exploit to generate the ICMP or UDP traffic. So, not only do you want to avoid being targeted by the DDoS attack, you also want to avoid having your network used as an amplifier. Configure your routers to disallow IP-directed broadcast transmissions.
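The two roles described above can be told apart in flow data. The following is an added example, not code from the original article or from FlowTraq: it flags echo traffic addressed to a local directed-broadcast address (amplifier side) and destinations receiving ICMP echo replies from many distinct senders (target side). The flow tuple layout, the use of UDP port 7 for echo, and the sender threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
UDP_ECHO_PORT = 7  # assumption: Fraggle traffic aimed at the UDP echo service

# Constructed sample flows (not real traffic), documentation address ranges:
# (src_ip, dst_ip, protocol, ICMP type or UDP destination port)
SAMPLE_FLOWS = [
    ("203.0.113.9", "192.0.2.255", "icmp", 8),  # echo request to broadcast
    ("203.0.113.9", "192.0.2.255", "udp", 7),   # UDP echo to broadcast
    ("203.0.113.9", "192.0.2.10", "icmp", 8),   # ordinary unicast ping
    ("203.0.113.9", "192.0.2.255", "udp", 53),  # not echo traffic
] + [(f"198.51.100.{i}", "192.0.2.50", "icmp", 0) for i in range(1, 6)]


def amplifier_flows(flows, local_nets):
    """Echo traffic addressed to the directed-broadcast address of a local
    subnet, i.e. traffic that would turn this network into an amplifier."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    hits = []
    for src, dst, proto, detail in flows:
        is_echo = (proto == "icmp" and detail == ICMP_ECHO_REQUEST) or (
            proto == "udp" and detail == UDP_ECHO_PORT
        )
        if is_echo and ipaddress.ip_address(dst) in broadcasts:
            # src is spoofed here: it names the intended target, not the sender
            hits.append((src, dst, proto))
    return hits


def reply_flood_targets(flows, min_sources):
    """Destinations receiving ICMP echo replies from at least min_sources
    distinct senders (the targeted side). min_sources is an assumed threshold."""
    senders = defaultdict(set)
    for src, dst, proto, detail in flows:
        if proto == "icmp" and detail == ICMP_ECHO_REPLY:
            senders[dst].add(src)
    return {dst: len(s) for dst, s in senders.items() if len(s) >= min_sources}


if __name__ == "__main__":
    print(amplifier_flows(SAMPLE_FLOWS, ["192.0.2.0/24"]))
    print(reply_flood_targets(SAMPLE_FLOWS, min_sources=5))
```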
5. Tracking down a perpetrator requires a detailed forensic investigation.
If you do get hit by a Smurf or Fraggle attack, once you’ve mitigated the immediate problem, you need to decide whether you’re going to involve law enforcement, which will require that you preserve all digital evidence.
6. FlowTraq can help.
There are a number of things that you can do to identify and stop a Smurf or Fraggle attack. You can block directed broadcast traffic coming onto the network, and you can configure hosts and routers to not respond to ICMP or UDP echo requests.
But you want to make sure that all your security bases are covered. FlowTraq excels at identifying reconnaissance, which can help prevent an attack from happening. But even if you do get hit by a Smurf or Fraggle attack, FlowTraq can detect it within seconds, before there’s irreparable harm to availability – and your organization’s business and reputation. And FlowTraq provides you with critical detail so that you can perform a complete forensic analysis, whether you plan to involve law enforcement or just want to determine exactly what happened and when.
Protect yourself against Smurf, Fraggle, and other DDoS attacks – along with a range of other security threats – with FlowTraq.