Reflection and amplification attacks
Thu 13 February 2014
Reflection attacks are well known. To explain them, I won’t use Bob and Alice because they are needed in another protocol description. Let’s use French female names. Let’s say Gertrude wants to attack Thérèse. Gertrude knows that Henriette’s computer is online. Gertrude sends a packet to Henriette saying the source is Thérèse. Henriette will answer to Thérèse. Thérèse witnesses an unsolicited answer from Henriette. Now imagine there are a lot of Henriettes. This is the basis of reflection attacks. An easy way to do such an attack is to use ping (ICMP echo). For example, in a GNU environment (take care of lawful stuff before doing so):
ping -c 1 -I [Thérèse's IP] [Henriette's IP]
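Seen from Thérèse's side, the attack shows up as echo replies that match no echo request she sent, arriving from many different hosts. The following Python code is an added example, not part of the original post; the record layout, the documentation-range addresses, the timeout and the reflector threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records as seen at the victim's (Thérèse's) border:
# (time_s, src, dst, icmp_type, ident, seq); type 8 = echo request, 0 = echo reply.
VICTIM = "192.0.2.10"
SAMPLE = [
    (0.0, VICTIM, "198.51.100.1", 8, 0x1A2B, 1),   # genuine ping sent by the victim
    (0.1, "198.51.100.1", VICTIM, 0, 0x1A2B, 1),   # its matching reply
    (1.0, "203.0.113.5", VICTIM, 0, 0x4444, 7),    # replies nobody asked for
    (1.0, "203.0.113.6", VICTIM, 0, 0x4444, 7),
    (1.1, "203.0.113.7", VICTIM, 0, 0x4444, 8),
    (1.2, "203.0.113.5", VICTIM, 0, 0x4444, 9),
]

def unsolicited_replies(records, victim, timeout=5.0):
    """Return echo replies to `victim` that match no recent echo request from it."""
    pending = {}          # (peer, ident, seq) -> time the request left the victim
    unsolicited = []
    for ts, src, dst, icmp_type, ident, seq in sorted(records):
        if icmp_type == 8 and src == victim:
            pending[(dst, ident, seq)] = ts
        elif icmp_type == 0 and dst == victim:
            sent = pending.pop((src, ident, seq), None)
            if sent is None or ts - sent > timeout:
                unsolicited.append((ts, src, ident, seq))
    return unsolicited

def reflection_suspected(records, victim, min_reflectors=3):
    """Flag when unsolicited replies come from many distinct hosts (many Henriettes)."""
    per_reflector = defaultdict(int)
    for _, src, _, _ in unsolicited_replies(records, victim):
        per_reflector[src] += 1
    return len(per_reflector) >= min_reflectors, dict(per_reflector)

if __name__ == "__main__":
    flagged, counts = reflection_suspected(SAMPLE, VICTIM)
    print("reflection suspected:", flagged, counts)
```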
And for fun, think about the fact that many attacks are launched in a distributed way using a botnet. Now you’re ready to read the following articles:
(Non-)Related articles
- UDP-based DDoS (DNS, NTP, etc.,) – on the rise? (nsfocusblog.com)
- SNMP DDoS Vector – Secure Your Network NOW! (www.spamhaus.org)
- Les attaques par réflexion utilisant NTP (www.bortzmeyer.org)
- Attaques par réflexion : DNS, SNMP mais aussi… (www.bortzmeyer.org)
- Biggest DDoS ever aimed at Cloudflares content delivery network (ArsTechnica) (arstechnica.com)
- NTP Amplification Blamed for 400 Gbps DDoS Attack (threatpost.com)
- Technical Details Behind a 400Gbps NTP Amplification DDoS Attack (cloudflare.com)
- Deep Inside a DNS Amplification DDoS Attack (cloudflare.com)