Reflection and amplification attacks

Thu 13 February 2014

Distributed reflection (Photo credit: Wikipedia)

Reflection attacks are well known. To explain them, I won’t use Bob and Alice because they are needed in another protocol description. Let’s use French female names. Let’s say Gertrude wants to attack Thérèse. Gertrude knows that Henriette’s computer is online. Gertrude sends a packet to Henriette saying the source is Thérèse. Henriette will answer to Thérèse. Thérèse witnesses an unsolicited answer from Henriette. Now imagine there are a lot of Henriettes. This is the basis of reflection attacks. An easy way to do such an attack is to use ping (ICMP echo). For example, in a GNU environment (take care of lawful stuff before doing so):

ping -c 1 -I [Thérèse's IP] [Henriette's IP]

Reflection illustration

Now imagine you’re on the internet, where a lot of Henriettes answer automatically. This is the basis of distributed reflection attacks.
Then imagine some protocols where the answer can be much bigger than the request. This is the basis of amplification.
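Seen from Thérèse's side, reflection shows up as echo replies that match no request she sent. The sketch below is an added example, not part of the original post: it flags such unsolicited replies and counts the distinct Henriettes. The packet records, addresses (documentation ranges), the 5-second matching window and the threshold of 3 reflectors are all constructed assumptions, and matching is simplified to (peer, ICMP identifier) without sequence numbers.

```python
# Victim-side detection of reflected ICMP echo replies (constructed data).
THERESE = "192.0.2.10"  # assumed address of the victim

# (time_s, direction, src, dst, icmp_type, icmp_id, size_bytes)
# icmp_type 8 = echo request, 0 = echo reply
PACKETS = [
    (0.0, "out", THERESE, "198.51.100.5", 8, 0x1A2B, 84),  # real ping
    (0.1, "in", "198.51.100.5", THERESE, 0, 0x1A2B, 84),   # solicited reply
    (1.0, "in", "203.0.113.1", THERESE, 0, 0x7777, 84),    # no request sent
    (1.1, "in", "203.0.113.2", THERESE, 0, 0x7777, 84),    # no request sent
    (1.2, "in", "203.0.113.3", THERESE, 0, 0x7777, 84),    # no request sent
]


def unsolicited_replies(packets, window=5.0):
    """Return (time, src, size) for echo replies with no recent matching request."""
    pending = {}  # (peer address, icmp id) -> time the request left
    hits = []
    for t, direction, src, dst, icmp_type, icmp_id, size in packets:
        if direction == "out" and icmp_type == 8:
            pending[(dst, icmp_id)] = t
        elif direction == "in" and icmp_type == 0:
            sent = pending.get((src, icmp_id))
            if sent is None or t - sent > window:
                hits.append((t, src, size))
    return hits


def reflection_alert(packets, min_reflectors=3):
    """Summarise unsolicited replies; alert when many distinct hosts answer."""
    hits = unsolicited_replies(packets)
    reflectors = sorted({src for _, src, _ in hits})
    return {
        "reflectors": reflectors,
        "bytes": sum(size for _, _, size in hits),
        "alert": len(reflectors) >= min_reflectors,
    }


if __name__ == "__main__":
    print(reflection_alert(PACKETS))
```
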

And for fun, think about the fact that many attacks are launched in a distributed way using a botnet. Now you’re ready to read the following articles:


Category: network security Tagged: Denial-of-service attack Domain Name System GNU Network Time Protocol