Reflection Amplification Vectors: a Chronology
DDoS attackers abuse a multitude of Internet protocols to reinforce their attacks. Most techniques, also called vectors, belong to the reflection amplification category. DDoS reflection means directing the reply of a service to the IP address of the victim. To do this, the attacker sends queries that carry the victim's address as the forged sender, which is called spoofing. A side effect is that the attack is virtually untraceable. Popular reflectors are DNS, NTP or CLDAP servers. The goal of DDoS amplification is to ensure that the reply packets sent to the spoofed sender are much bigger than the queries. This reinforcement potential is known as the amplification factor. In particular cases, a DNS server can reply to a 60-byte query with more than 3,000 bytes, which corresponds to an amplification factor of 50. According to US-CERT, the greatest known factor is 51,000 and can be achieved by memcached servers.
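For the operator of a DNS, NTP, CLDAP or memcached service, the amplification factor described above is visible in the service's own flow data. The following Python example is added here and is not part of the original article or Link11 code; it flags remote addresses that receive far more bytes than they appear to send. The flow-record layout, the thresholds, the port table and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

# Default UDP ports of reflector services named in the article.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP",
                   3702: "WS-Discovery", 11211: "memcached"}

def find_reflection_abuse(flows, server_ip, min_factor=10.0, min_reply_bytes=100_000):
    """Return remote addresses our server is probably being used to flood.

    flows: (src_ip, src_port, dst_ip, dst_port, proto, byte_count) tuples.
    Thresholds are illustrative assumptions, not values from the article.
    """
    totals = defaultdict(lambda: [0, 0])  # (remote, service) -> [query, reply] bytes
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue  # only connectionless UDP services are counted here
        if dst == server_ip and dport in REFLECTOR_PORTS:
            totals[(src, REFLECTOR_PORTS[dport])][0] += nbytes
        elif src == server_ip and sport in REFLECTOR_PORTS:
            totals[(dst, REFLECTOR_PORTS[sport])][1] += nbytes
    findings = []
    for (remote, service), (query, reply) in totals.items():
        if query == 0:
            continue  # replies with no observed query: capture is incomplete
        factor = reply / query
        # A single large answer also has a high factor, so require volume too.
        if factor >= min_factor and reply >= min_reply_bytes:
            # "remote" is the spoofed sender, i.e. the likely victim, not the attacker.
            findings.append({"victim": remote, "service": service,
                             "factor": round(factor, 1), "reply_bytes": reply})
    return sorted(findings, key=lambda f: f["reply_bytes"], reverse=True)

# Constructed sample flow records (documentation address ranges).
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.53", 53, "udp", 6_000),    # 100 x 60-byte queries
    ("192.0.2.53", 53, "198.51.100.7", 40000, "udp", 300_000),  # 100 x 3,000-byte replies
    ("203.0.113.10", 51515, "192.0.2.53", 53, "udp", 1_200),    # ordinary client
    ("192.0.2.53", 53, "203.0.113.10", 51515, "udp", 2_400),
    ("203.0.113.99", 50001, "192.0.2.53", 53, "udp", 60),       # one large, legitimate answer
    ("192.0.2.53", 53, "203.0.113.99", 50001, "udp", 3_000),
    ("203.0.113.10", 51600, "192.0.2.53", 53, "tcp", 900),      # TCP is ignored
]

if __name__ == "__main__":
    for finding in find_reflection_abuse(SAMPLE_FLOWS, "192.0.2.53"):
        print(finding)
```

Because the sender address is forged, a finding names the probable victim of the reflected traffic, which is the address to rate-limit replies toward rather than one to attribute the attack to.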
The first reflection amplification vectors occurred in 2013 and involved DNS and NTP. Since then, the spectrum of vectors has become far greater. Currently, there are over 20 techniques, including Memcached Reflection and CLDAP, and, since the second half of 2019, the WS-Discovery and Apple Remote vectors. The chronology shows the occurrence of the most important vectors, along with their potential for danger.
Attackers constantly identify new vulnerabilities, inadequately protected Internet services, and open services that can be misused for overload attacks. It is only a matter of time before cybercriminals discover the next long-established protocol for DDoS attacks.