Fraggle Attack
What is Fraggle Attack?
Fraggle AttackA UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim.
Fraggle is the UDP analogue of Smurf. The attacker sends spoofed UDP packets (typically to the echo port 7 or chargen port 19) to a network's directed broadcast address, with the source IP forged as the victim's. Every host that runs the targeted UDP service replies — sometimes with chargen producing far larger responses than the request — and the resulting flood is sent to the victim. Like Smurf, Fraggle relied on directed broadcasts and on services that are now considered legacy. Defences include disabling IP directed broadcast, turning off echo/chargen and similar legacy UDP services, ingress source-address filtering (BCP 38), and rate-limiting UDP responses. Modern environments rarely expose these conditions, but unmanaged or legacy networks remain at risk.
● Examples
- 01
An attacker spoofs the victim's IP and sends UDP chargen packets to the broadcast of legacy subnets, amplifying traffic toward the victim.
- 02
An old industrial network where echo/chargen are enabled is used to attack an external target.
● Frequently asked questions
What is Fraggle Attack?
A UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim. It belongs to the Attacks & Threats category of cybersecurity.
What does Fraggle Attack mean?
A UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim.
How do you defend against Fraggle Attack?
Defences for Fraggle Attack typically combine technical controls and operational practices, as detailed in the full definition above.