Blog

DNS amplification attacks are a version of distributed denial-of-service attacks (also known as DDoS). These DNS amplification attacks use DNS servers as amplifiers. According to the Shadowserver Foundation, there are more than 3,5 million DNS servers on the planet.

The Link11 Security Operation Center (LSOC) constantly monitors developments in online DDoS attacks and publishes its analysis each quarter. In the latest issue (Q4 2017), the danger of multivector attacks was particularly noticeable in 13,452 of the attacks investigated. For the first time, 12 attack vectors were detected in a single attack.

Digital gaming is booming. Once a personal hobby confined to people’s homes, online gaming is now a professional sport that attracts stadium audiences, like track and field events. Should they go down due to DDoS attacks, it may lead to financial or organizational issues, or even to the rescheduling of entire events.

Just like PDF tools or programs for blocking online ads, tools for running DDoS attacks can be simply downloaded from the internet, free of charge. One of these programs is called X4U Doser. It enables anyone to launch DDoS attacks on targets of their choosing, even without any in-depth technical knowledge.

IoT devices and industrial machinery are increasingly targeted by professional cyber-attacks, especially DDoS attacks. Preventing this kind of attack is the companies’ responsibility.

The relevance of SSL encryption is on the rise, making online shopping and banking more secure. Today, more than 70 % of global website traffic is HTTPS-encrypted. The increase of SSL encryption accompanies the rising number of SSL DDoS attacks.

In late February 2018, the Link11 Security Operation Center discovered massive UDP attacks using UDP source port 11211. This type of attack was previously unknown. These current attacks thus represent the appearance of a new amplification vector, which the Link11 DDoS security experts call "Memcached Reflection" after initial analysis.

A rising number of attacks, new emerging vectors and botnets and overall more aggressiveness is shifting the focus of unsecured organizations on DDoS attacks. There was an increasing number and duration of attacks throughout the past months along with an average rise of bandwidth.

To understand IP fragmentation attacks, it is important to understand IP fragmentation first. IP communication is used to exchange data packets on the internet. Between their source and their target, the packets often have to be passed along by various connection technologies and systems.

The CHARGEN protocol, also known as the Character Generator Protocol, is a network service defined in 1983. Its specifications are laid out in RFC 864. CHARGEN was developed to simplify testing, troubleshooting and evaluating networks and applications. The Character Generator Protocol is based on the simple idea of providing a service that can be accessed both by TCP and UDP protocol (via port 19).