A Christmas tree attack sends a large number of Christmas tree packets to an end device. A Christmas tree packet has all the options set so that any protocol can be used. The name is derived from the idea that all the settings are turned to “on” within the packet so it is lit up like a Christmas tree.

Christmas tree packets require much more processing by routers and end devices than other packets. Large numbers of these packets can use up so much processing power that it ties up these devices effectively making any other task nearly impossible thus denying service to legitimate traffic.

Receiving these types of packets is not usual and therefore should be regarded as suspicious. Intrusion detection systems can detect these packets as do some firewalls.