A Distributed Reflection Denial of Service (DrDoS) attack is carried out by sending forged requests to third-party servers with the source address changed to the address of the target computer, so that the servers' replies are directed at the target.
What is DrDoS?
DoS attacks are performed to prevent the target computer from serving its users. In our previous article, we briefly talked about what DoS and DDoS are. In this article, we will talk about Distributed Reflection Denial of Service attacks.
The DrDoS attack is a type of DDoS attack, and the biggest difference is that the attacker deceives the reflecting servers by changing the source address of the requests to the address of the target computer. These attacks are the most effective and most persistent attacks.
Like DDoS attacks, DrDoS attacks are also performed using groups of many computers. The attack is reflected onto the victim through this group of computers.
This type of attack uses server computers rather than end-user computers.
Protocols Used in Attack
The protocols used in the attack are listed below.
1. DNS (Domain Name System)
2. NTP (Network Time Protocol)
3. SNMP (Simple Network Management Protocol)
4. CHARGEN (Character Generator Protocol)
Attackers control the Handlers for the attack. The main intent of the attacker is to shut down the services of the victim computer.
Masters or Handlers control the Slave machines and make them ready for the attack.
The Slave machines are controlled by the Handlers. The Slave machines send requests to the Reflectors with the victim computer's IP address as the source address.
The Reflector machines send their response packets, in large volumes of traffic, to the victim computer.
The victim can be a server or an end-user computer. During the attack, the services of the victim computer become inaccessible to its legitimate users.
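The defining signal of the reflection described above is that the victim receives responses it never asked for: the spoofed request leaves the Slave, not the victim, so no matching outbound request exists in the victim's own traffic. The following detector is an added example written for this article (it is not code from the original page) and runs over a handful of constructed flow records in a simple made-up format. It keys on the four reflector services listed in the article (DNS, NTP, SNMP, CHARGEN) and flags a host that receives large volumes of unsolicited UDP replies from several distinct reflectors. The record format, thresholds and sample addresses (from the documentation ranges) are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# UDP services commonly abused as reflectors (the four named in the article).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 19: "CHARGEN"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow line: 'src_ip:src_port dst_ip:dst_port proto bytes'."""
    src, dst, proto, size = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(src_ip, int(src_port), dst_ip, int(dst_port), proto.lower(), int(size))


def detect_reflection(flows: Iterable[Flow], min_reflectors: int = 3,
                      min_unsolicited_bytes: int = 10_000) -> List[Dict]:
    """Flag hosts receiving unsolicited replies from many reflector services.

    A reply is 'solicited' only if the same host sent a request to that
    reflector's service port; in a DrDoS the request was sent by a Slave
    with a spoofed source, so the victim never sent one itself.
    """
    flows = list(flows)
    # (requesting host, reflector, service port) for every outbound request we saw.
    requested = {(f.src_ip, f.dst_ip, f.dst_port)
                 for f in flows if f.proto == "udp" and f.dst_port in REFLECTOR_PORTS}

    stats = defaultdict(lambda: {"reflectors": set(), "unsolicited": 0, "services": set()})
    for f in flows:
        if f.proto != "udp" or f.src_port not in REFLECTOR_PORTS:
            continue  # not a reply from a reflector service
        if (f.dst_ip, f.src_ip, f.src_port) in requested:
            continue  # legitimate reply to a request this host actually sent
        s = stats[f.dst_ip]
        s["reflectors"].add(f.src_ip)
        s["unsolicited"] += f.nbytes
        s["services"].add(REFLECTOR_PORTS[f.src_port])

    alerts = []
    for victim, s in stats.items():
        if len(s["reflectors"]) >= min_reflectors and s["unsolicited"] >= min_unsolicited_bytes:
            alerts.append({"victim": victim,
                           "reflectors": len(s["reflectors"]),
                           "unsolicited_bytes": s["unsolicited"],
                           "services": sorted(s["services"])})
    return alerts


# Constructed sample: one normal DNS exchange by 192.0.2.20, then five reflectors
# (DNS, NTP, CHARGEN) hammering 192.0.2.10, which sent no requests at all.
SAMPLE_FLOWS = [
    "192.0.2.20:51234 198.51.100.53:53 udp 64",
    "198.51.100.53:53 192.0.2.20:51234 udp 512",
    "203.0.113.1:53 192.0.2.10:80 udp 4000",
    "203.0.113.2:53 192.0.2.10:80 udp 4000",
    "203.0.113.3:123 192.0.2.10:80 udp 4800",
    "203.0.113.4:19 192.0.2.10:80 udp 4096",
    "203.0.113.5:123 192.0.2.10:80 udp 4800",
]


def analyze_sample() -> List[Dict]:
    return detect_reflection(parse_flow(line) for line in SAMPLE_FLOWS)


if __name__ == "__main__":
    for alert in analyze_sample():
        print(alert)
```

In a real deployment the flows would come from NetFlow/IPFIX or a packet capture, and the request/reply correlation would need a time window; the structure of the check (replies from reflector ports minus the host's own requests) stays the same.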
How to Prevent These Attacks?
It is almost impossible to prevent these attacks entirely. However, in order to mitigate them, devices such as firewalls and intrusion detection systems are required in our network environment.
To prevent or mitigate such attacks, the following solutions can be applied.
1. Internet Service Providers must reject UDP traffic whose source IP address is spoofed.
2. Network traffic should be monitored continuously so that attacks can be anticipated and detected early.
3. You must use DNSSEC extensions to prevent DNS-based attacks.
4. If the network does not belong to a business environment, the services for the protocols mentioned above should be disabled.
5. System updates should always be applied to avoid these attacks.
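Item 1 is the control that removes the attack at its root: if a provider's edge drops packets whose source address could not legitimately have arrived on that interface, the Slave's spoofed request never reaches the Reflector. The following is an added example (not code from the original page) of a strict reverse-path check in Python: a packet is forwarded only if the longest-prefix route back to its source address points at the interface the packet arrived on. The route table, interface names and addresses are constructed assumptions; the check itself goes slightly beyond the article's wording by deriving legitimacy from the routing table rather than a fixed address list.

```python
import ipaddress
from typing import List, Optional, Tuple

Packet = Tuple[str, str, str]  # (src_ip, dst_ip, ingress interface)


class StrictReversePath:
    """Strict reverse-path check (an added, illustrative implementation).

    A packet arriving on interface X is accepted only if the best (longest
    prefix) route to its *source* address goes out via X. A spoofed packet
    claiming a victim's address fails this check on a customer interface.
    """

    def __init__(self, routes: List[Tuple[str, str]]):
        # routes: (prefix, interface); the default route covers "everything else".
        self.routes = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]

    def best_interface(self, ip: str) -> Optional[str]:
        addr = ipaddress.ip_address(ip)
        matches = [(net.prefixlen, iface) for net, iface in self.routes if addr in net]
        if not matches:
            return None
        # Longest prefix wins, as in a real forwarding table.
        return max(matches)[1]

    def accept(self, src_ip: str, in_iface: str) -> bool:
        return self.best_interface(src_ip) == in_iface


def filter_packets(check: StrictReversePath, packets: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Split packets into (forwarded, dropped) according to the reverse-path check."""
    forwarded, dropped = [], []
    for pkt in packets:
        src_ip, _dst_ip, in_iface = pkt
        (forwarded if check.accept(src_ip, in_iface) else dropped).append(pkt)
    return forwarded, dropped


# Constructed routing table: two customer prefixes and a default route upstream.
ROUTES = [
    ("192.0.2.0/24", "cust1"),
    ("198.51.100.0/24", "cust2"),
    ("0.0.0.0/0", "upstream"),
]

# Constructed packets seen at the provider edge. The second and fourth carry
# spoofed sources: a would-be victim's address (203.0.113.9) sent from cust1,
# and a cust1 address sent from cust2.
SAMPLE_PACKETS: List[Packet] = [
    ("192.0.2.77", "203.0.113.53", "cust1"),
    ("203.0.113.9", "198.51.100.123", "cust1"),
    ("198.51.100.5", "192.0.2.1", "cust2"),
    ("192.0.2.5", "203.0.113.19", "cust2"),
]


def run_sample() -> Tuple[List[Packet], List[Packet]]:
    return filter_packets(StrictReversePath(ROUTES), SAMPLE_PACKETS)


if __name__ == "__main__":
    forwarded, dropped = run_sample()
    print("forwarded:", forwarded)
    print("dropped:  ", dropped)
```

Strict checking of this kind is only safe on interfaces with symmetric routing (typically customer-facing ones); on peering links with asymmetric paths a looser variant that accepts any interface holding a route to the source is the usual choice.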
In this article, we defined DrDoS and briefly explained how such an attack works. Thanks for following us!