Smurf attack, also known as ICMP Echo Request, is a distributed reflection denial of service (DRDoS).

Othe examples of DRDoS are DNS poisoning and fraggle attack.

Description of smurf attack

Smurf attack is performed as follows:

  1. First, the malware creates a network packet attached to a false IP address representing the victim — a technique known as “spoofing.”
  2. Inside the packet there is an ICMP ping message, asking network nodes that receive the packet to send back a reply
  3. These replies, or “echoes,” are then sent back to network IP addresses again, setting up an infinite loop.

How to prevent smurf attack

If the system is configured according to RFC 2644 (that was released in 1999), routers no longer forward directed broadcast traffic and they cannot be used as smurf amplifiers.

ICMP is frequently disabled on firewalls, routers and even many servers. When done, smurf attack is prevented.

Fraggle Attack

Fraggle attack is a variation of the smurf attack.

The attacker sends a large amount of UDP traffic to ports 7 (Echo) and 19 (CHARGEN). It works similarly to the smurf attack in that many computers on the network will respond to this traffic by sending traffic back to the spoofed source IP of the victim, flooding it with traffic.

The name comes from the creatures in the puppet TV series Fraggle Rock.

External references

  • What is a smurf attack?“; Kaspersky
  • Smurf attack“; Wikipedia
  • “CISSP Official Study Guide 9th Edition”; Chapple et al; section “Smurf and Fraggle Attacks”, p. 816; Wiley, 2021


    • Thanks Daniel for reporting the broken link. Unfortunately, I do not see any link to “TCP Communication Flags” on this “Smurf Attack” post. Probably it was another one, could you please specify where you found it and provide a link?

Leave a Reply

Your email address will not be published. Required fields are marked *