Fraggle Attack: Definition, Damage, Defense & vs. Smurf

A Fraggle attack is similar to a Smurf attack.

Both are denial-of-service (DoS) techniques that aim to flood your system. The difference is the protocol: a Smurf attack sends Internet Control Message Protocol (ICMP) packets, whereas a Fraggle attack uses UDP. Everything else is the same.

With a Fraggle attack, the problem starts when a large amount of spoofed user datagram protocol (UDP) traffic comes to your router’s broadcast address. Your server tries to respond, but the flood of packets continues. In time, your server seizes up due to the added activity. 

How does a Fraggle attack work? 

Plenty of companies use UDP to speed up their work and keep data flowing. If you do, you could be at risk for a Fraggle problem. 

UDP speeds up communication between two systems. The systems don't need to establish formal ties or exchange credentials before the data starts flowing. One system points to another, and the first sends packets to the recipient. 

UDP is useful when you need to send a large amount of data very quickly. Companies that use voice over IP, for example, don't want delays from authentication. They want to move as fast as possible. UDP makes that work. 

A Fraggle attack harnesses UDP to overwhelm a target. Watch out for these steps that hackers often follow:

  • Harvesting: Your server will be flooded by zombie computers. If you can find them, that can thwart the attack. 
  • Coding: Many Fraggle attacks start with a download. Attackers send this information via email, or they bury it within a website. When the download is complete, the attack can commence. Be wary of any suspect emails or downloads.
  • Launch: Your system crashes as the packets come to you, seemingly from everywhere at once.

You may be under Fraggle attack if you notice:

  • Unexplained crashes
  • Far too much traffic coming in and little going out 
  • IP traffic from multiple hosts all using the same IP prefix 
  • Slow server performance
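
The two network-level symptoms in this list (far more traffic coming in than going out, and many hosts sharing one IP prefix) can be checked against flow records. The following Python is an added example, not part of the original article; the record layout, thresholds, and function name are assumptions, and the sample flows are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

SERVER = "203.0.113.10"  # assumed address of the monitored server

# Constructed sample flow records: (protocol, source, destination, bytes).
SAMPLE_FLOWS = (
    [("udp", f"198.51.100.{h}", SERVER, 1024) for h in range(1, 9)]
    + [
        ("udp", SERVER, "198.51.100.3", 64),
        ("udp", "192.0.2.7", SERVER, 200),
        ("udp", SERVER, "192.0.2.7", 180),
        ("tcp", "192.0.2.9", SERVER, 5000),
    ]
)


def fraggle_indicators(flows, server, prefix_len=24, min_hosts=5, min_ratio=10):
    """Return (prefix, distinct_hosts, bytes_in, bytes_out) for suspicious prefixes."""
    hosts = defaultdict(set)      # prefix -> distinct UDP sources hitting the server
    bytes_in = defaultdict(int)   # prefix -> UDP bytes received from that prefix
    bytes_out = defaultdict(int)  # prefix -> UDP bytes the server sent back

    def prefix_of(addr):
        return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

    for proto, src, dst, size in flows:
        if proto != "udp":
            continue
        if dst == server:
            net = prefix_of(src)
            hosts[net].add(src)
            bytes_in[net] += size
        elif src == server:
            bytes_out[prefix_of(dst)] += size

    alerts = []
    for net, srcs in hosts.items():
        # Symptom 1: inbound volume dwarfs outbound. Symptom 2: many hosts, one prefix.
        lopsided = bytes_in[net] >= min_ratio * max(bytes_out[net], 1)
        if len(srcs) >= min_hosts and lopsided:
            alerts.append((str(net), len(srcs), bytes_in[net], bytes_out[net]))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in fraggle_indicators(SAMPLE_FLOWS, SERVER):
        print(alert)
```

Tune `prefix_len`, `min_hosts`, and `min_ratio` against a baseline of your normal UDP traffic before alerting on the result.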

How dangerous is a Fraggle attack? 

If hackers are talented and persistent, they can take your servers down and keep them that way for months or longer. 

While you try to fix the damage, the hackers could tap into other parts of your system and steal or scramble your data. A coverup like this could be even more dangerous than the original takedown. 

Preventing a Fraggle attack 

Fortunately, you can protect against a Fraggle attack relatively easily. Hackers need the perfect environment to launch an attack like this, and one key element they need is somewhat uncommon.

Modern routers rarely pass along broadcasts, which makes using zombie computers much more difficult. Most modern Fraggle attacks come from a single network, and they're easier to spot.

You can take commonsense prevention steps, such as:

  • Filtering. Ensure that you're examining data at the edge of your network where customers connect. 
  • Checking. Ensure that your router vendor can turn off the ability to spoof IP source addresses. Vendors should check the source address of a packet against the routing table. 

In addition, ensure that you're not leaving access points open. Disable protocols and services you don't need, and close ports that you're not currently using. 

If you are attacked, you can help the authorities catch the attacker. Your work could help prevent another company from falling victim. Follow these steps:

  • Record: Make notes about when the attack started, your IP address, and the attacker's IP address. 
  • Observe: Don't retaliate, but keep a close watch. 
  • Reset: Disconnect from your ISP, and then reconnect.
  • Contact: If this doesn't help, reach out to your ISP and explain the situation. 

You'll also need to identify the vulnerabilities that led to the attack. Otherwise, the same problem could recur.

