Published November 11, 2013
Reflection attacks have two victims: the unwilling third-party server that is compelled to launch distributed denial of service (DDoS) attack traffic and the attackers’ intended DDoS target. For both victims the effect is similar – slow performance or an outage that prevents legitimate users from accessing the targeted site.
Learn how the powerful tools, methods and services in the underground DDoS marketplace can launch devastating reflection attacks targeting your organization
In 2013, Distributed Reflective Amplification Denial of Service (DrDoS) attacks against enterprises in multiple industries increased significantly. These attacks inundate the target with floods of Layer 3 requests that make use of network protocols such as DNS, SNMP and CHARGEN, a protocol that many consider to be obsolete.
The use of DDoS attacks that take advantage of reflection techniques can be attributed to the increase in the number of misconfigured servers. In addition, the DDoS-as-a-Service marketplace makes acquiring lists of misconfigured services simple for would-be attackers.
The commodification of lists of vulnerable servers is not a new phenomenon within the underground. However, the surge in availability and demand for lists of servers specifically vulnerable to reflection attacks was first observed in 2013.