Page 1205 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1205

threat for systems that need persistent sessions to maintain data
                  with other systems. When the session is reestablished, they need to

                  re-create the data so it’s much more than just sending three
                  packets back and forth to establish the session.




               Smurf and Fraggle Attacks

               Smurf and fraggle attacks are both DoS attacks. A smurf attack is
               another type of flood attack, but it floods the victim with Internet
               Control Message Protocol (ICMP) echo packets instead of with TCP
               SYN packets. More specifically, it is a spoofed broadcast ping request
               using the IP address of the victim as the source IP address.

               Ping uses ICMP to check connectivity with remote systems. Normally,
               ping sends an echo request to a single system, and the system

               responds with an echo reply. However, in a smurf attack the attacker
               sends the echo request out as a broadcast to all systems on the
               network and spoofs the source IP address. All these systems respond
               with echo replies to the spoofed IP address, flooding the victim with
               traffic.

               Smurf attacks take advantage of an amplifying network (also called a
               smurf amplifier) by sending a directed broadcast through a router. All

               systems on the amplifying network then attack the victim. However,
               RFC 2644, released in 1999, changed the standard default for routers
               so that they do not forward directed broadcast traffic. When
               administrators correctly configure routers in compliance with RFC
               2644, a network cannot be an amplifying network. This limits smurf

               attacks to a single network. Additionally, it is common to disable ICMP
               on firewalls, routers, and even many servers to prevent any type of
               attacks using ICMP. When standard security practices are used, smurf
               attacks are rarely a problem today.

               Fraggle attacks are similar to smurf attacks. However, instead of using
               ICMP, a fraggle attack uses UDP packets over UDP ports 7 and 19. The
               fraggle attack will broadcast a UDP packet using the spoofed IP

               address of the victim. All systems on the network will then send traffic
               to the victim, just as with a smurf attack.
   1200   1201   1202   1203   1204   1205   1206   1207   1208   1209   1210