
Configuring Fraggle Attack Defense

An attacker sends UDP packets to the network where the target host resides. The source IP addresses of UDP packets are the IP address of the target host, the destination IP addresses of UDP packets are the broadcast address or network address of the subnet where the target host resides, and the destination port is port 7 or port 19. In this case, a large volume of traffic occurs on the attacked network. As a result, the attacked network is congested or the target host crashes.

Context

After receiving UDP packets whose destination port number is 7 (echo) or 19 (chargen), the host responds. For a UDP packet whose destination port number is 7, the host echoes the received content back to the sender. For a UDP packet whose destination port number is 19, the host generates a character stream. Similar to their two ICMP counterparts, these two UDP ports generate massive useless response packets and exhaust network bandwidth.

The attacker can send UDP packets to the network where the target host is located. The source IP address of the UDP packets is the IP address of the target host, the destination IP address is the broadcast address or network address of the subnet where the target host is located, and the destination port is port 7 or port 19. On that subnet, every system on which this service is enabled sends a response to the target host. Heavy traffic is therefore generated and the bandwidth is exhausted, congesting the target network or making the target host crash.

Systems on which this service is not enabled return ICMP unreachable messages, so the bandwidth is occupied in that case as well. If the attacker sets the source port number to 19 and the destination port number to 7, response packets are generated continuously between the two services and greater damage is caused.

After Fraggle attack defense is enabled, the FW checks the incoming UDP packets. If the destination port number is 7 or 19, the FW directly discards the packets and logs the attack.
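The check described above, written out as a small packet filter so the rule can be seen against concrete datagrams. This is an added illustration, not Huawei code and not the FW's actual implementation: it parses raw IPv4/UDP headers, drops any UDP packet whose destination port is 7 or 19, and returns a log line for each drop. The helper that builds the sample datagrams, the TEST-NET addresses and the log format are all constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Reflector ports named on the page: 7 (echo) and 19 (chargen).
FRAGGLE_PORTS = {7, 19}


@dataclass
class UdpPacket:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload_len: int


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_ipv4_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                   payload: bytes) -> bytes:
    """Constructed sample datagram for testing the filter (checksums left zero)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return ip_hdr + udp


def parse_ipv4_udp(raw: bytes) -> Optional[UdpPacket]:
    """Return the UDP header fields of an IPv4 datagram, or None if it is not UDP."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes (options included)
    if raw[9] != 17:                    # IP protocol 17 is UDP
        return None
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    udp = raw[ihl:ihl + 8]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, _csum = struct.unpack("!HHHH", udp)
    return UdpPacket(src, dst, sport, dport, ulen - 8)


def fraggle_verdict(pkt: Optional[UdpPacket]) -> Tuple[str, Optional[str]]:
    """Apply the rule from the page: UDP to port 7 or 19 is discarded and logged."""
    if pkt is None or pkt.dst_port not in FRAGGLE_PORTS:
        return "pass", None
    log = (f"fraggle-defend: drop udp {pkt.src_ip}:{pkt.src_port} -> "
           f"{pkt.dst_ip}:{pkt.dst_port} len={pkt.payload_len}")
    return "drop", log


def filter_packets(raw_packets: List[bytes]) -> Tuple[List[bytes], List[str]]:
    """Return the datagrams to forward and the attack log lines produced."""
    forwarded, logs = [], []
    for raw in raw_packets:
        verdict, log = fraggle_verdict(parse_ipv4_udp(raw))
        if verdict == "drop":
            logs.append(log)
        else:
            forwarded.append(raw)
    return forwarded, logs


# Constructed traffic: a spoofed echo packet to the subnet broadcast address, the
# port-19-to-port-7 variant, and an ordinary DNS query that must be left alone.
SAMPLE_PACKETS = [
    build_ipv4_udp("192.0.2.10", "192.0.2.255", 1024, 7, b"ping"),
    build_ipv4_udp("192.0.2.10", "192.0.2.255", 19, 7, b""),
    build_ipv4_udp("192.0.2.20", "192.0.2.1", 40000, 53, b"query"),
]

if __name__ == "__main__":
    kept, attack_log = filter_packets(SAMPLE_PACKETS)
    print(f"forwarded {len(kept)} of {len(SAMPLE_PACKETS)} packets")
    for line in attack_log:
        print(line)
```

Note that the rule is purely port-based, as the page states: it does not inspect the destination address, so legitimate echo or chargen traffic to a unicast address on the inside is also dropped once the defense is enabled, which is the expected trade-off for two services that have no business on a modern network.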

Procedure

  1. In the user view, access the system view.

    system-view

  2. Enable Fraggle attack defense.

    firewall defend fraggle enable

Copyright © Huawei Technologies Co., Ltd.