reflexion and amplification attacks
Thu 13 February 2014
Reflection attacks are well known. To explain them, I won’t use Bob and Alice because they are needed in another protocol description . Let’s use French femal names.Let’s say Gertrude wants to attack Thérèse . Gertrude knows that Henriette ‘s computer is online. Gertrude sends a packet to Henriette saying the source is Thérèse. Henriette will answer to Thérèse. Thérèse witness an unsolicited answer from Henriette. Now imagine ther is a lot of Henriette. This is the basis of reflection attacks. An easy way to do such an attack is to use ping ( ICMP echo ). For example, in GNU environment (take care of lawful stuff before doing so)
ping -c 1 -I [Thérèse's IP] [Henriette's IP]
And for fun, think about the fact that many attacks are launched in a distributed way using a botnet. Now you’re ready to read the following articles:
(Non-)Related articles
- UDP-based DDoS (DNS, NTP, etc.,) – on the rise? (nsfocusblog.com)
- SNMP DDoS Vector – Secure Your Network NOW! (www.spamhaus.org)
- Les attaques par réflexion utilisant NTP (www.bortzmeyer.org)
- Attaques par réflexion : DNS, SNMP mais aussi… (www.bortzmeyer.org)
- Biggest DDoS ever aimed at Cloudflares content delivery network (ArsTechnica) (arstechnica.com)
- NTP Amplification Blamed for 400 Gbps DDoS Attack (threatpost.com)
- Technical Details Behind a 400Gbps NTP Amplification DDoS Attack (cloudflare.com)
- Deep Inside a DNS Amplification DDoS Attack (cloudflare.com)
Related articles (or not):
Category: network security Tagged: Denial-of-service attack Domain Name System GNU Network Time Protocol