Attack Behavior
-
Fraggle attack
Attackers use UPD port 7 to launch Fraggle attacks. Similar to ICMP echo, port 7 sends back the received packet payload without making any modifications to test the network connection between the source and destination. Fraggle attacks work similarly to Smurf attacks. In a Fraggle attack, the IP address of the intended victim is spoofed as the source IP address, the destination IP address is a broadcast address, the destination port is port 7, and the source port may be port 7 or another port. If the UDP echo service is enabled on many hosts on the broadcast network, the victim will receive a large number of response packets and get attacked.
-
UDP diagnosis port attack
If an attacker sends a multitude of packets to UDP diagnosis ports (7-echo, 13-daytime, and 19-Chargen) at the same time, a flood is caused, and network devices may fail to work properly. Many vendors enable some ports by default for network diagnosis or device management, which results in potential attacks.
Security Policy
To prevent UDP flood attacks, configure defense against UDP flood attacks on switches to enable them to discard UDP packets over ports 7, 13, and 19.
Configuration Method
Enable defense against UDP flood attacks. By default, this function is enabled.
<HUAWEI> system-view [HUAWEI] anti-attack udp-flood enable
