A Distributed Reflection Denial of Service (DrDoS) attack is carried out by sending fake requests whose source address has been changed to the address of the attacker's target computer system.
DrDoS (Distributed Reflection Denial of Service)
DoS attacks are performed to prevent the target computer from providing its services. In our previous article, we briefly talked about DoS and DDoS. In this article, we will talk about Distributed Reflection Denial of Service attacks.
This attack is a type of DDoS attack. The most significant difference is that it misleads other machines by changing the source address of its requests to the target computer's address. These attacks are the most effective and permanent.
Like DDoS attacks, these attacks are carried out using groups of multiple computers. Using these groups, the attack traffic is directed or reflected at the victim's computer.
In this attack type, server computers are used in addition to end-user computers.
Protocols Used in Attack
The protocols used in the attack are listed below.
- DNS (Domain Name System)
- NTP (Network Time Protocol)
- SNMP (Simple Network Management Protocol)
- CHARGEN (Character Generator Protocol)
- SNMPv2
- NetBIOS
- SSDP
- QOTD
Components
- Attacker
Attackers control the Handlers for attacks. The primary intent of the attacker is to shut down the services of the victim’s computer.
- Master
Masters or Handlers control Slave machines and make Slave machines ready for attack.
- Slave
The Handlers control the Slave machines. The Slave machines send requests to the Reflector with the victim computer's IP address as the source address.
- Reflector
Reflector machines answer those requests, so their response packets are reflected onto the victim's computer as large volumes of traffic.
- Victim
The victim can be a server or a computer. During the attack, the services of the victim's computer become inaccessible to the users who normally access them.
How to Prevent These Attacks?
It is almost impossible to prevent these attacks. However, to mitigate them, devices such as firewalls and intrusion detection systems are required in the network environment.
The following solutions can be applied to prevent or mitigate such attacks.
- Internet Service Providers must reject UDP traffic spoofed with fake IP addresses.
- Network traffic should be monitored continuously to predict attacks.
- DNSSEC extensions should be used to prevent DNS-based attacks.
- If the network does not belong to a business environment, the protocols mentioned above should be closed.
- System updates should always be performed to avoid these attacks.
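The traffic-monitoring item above can be made concrete with the following added example, which is not code from the original article. It flags local hosts receiving unsolicited UDP responses from the well-known ports of the protocols listed earlier; the flow record layout, the thresholds, and the sample records (documentation IP ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP ports of the protocols listed in this article.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 19: "CHARGEN",
                   137: "NetBIOS", 1900: "SSDP", 17: "QOTD"}

def find_reflection_victims(flows, local_hosts, min_bytes=100_000, min_reflectors=3):
    """Return {(local_ip, protocol): (unsolicited_bytes, distinct_reflectors)}.

    flows: (timestamp, src_ip, src_port, dst_ip, dst_port, nbytes) UDP records
    (an assumed layout). A response counts as unsolicited when no local host
    sent a request to that remote ip:port from the port being answered.
    """
    asked = set()
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for _ts, src, sport, dst, dport, nbytes in sorted(flows):
        if src in local_hosts and dport in REFLECTOR_PORTS:
            asked.add((src, sport, dst, dport))      # our own outbound request
        elif dst in local_hosts and sport in REFLECTOR_PORTS:
            if (dst, dport, src, sport) in asked:
                continue                             # reply we asked for
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry["bytes"] += nbytes
            entry["reflectors"].add(src)
    # Alert only on volume coming from several distinct reflectors.
    return {key: (e["bytes"], len(e["reflectors"]))
            for key, e in stats.items()
            if e["bytes"] >= min_bytes and len(e["reflectors"]) >= min_reflectors}

# Constructed sample data (not captured traffic).
LOCAL_HOSTS = {"192.0.2.10"}
SAMPLE_FLOWS = [
    (1.0, "192.0.2.10", 40000, "198.51.100.53", 53, 80),    # our own DNS query
    (1.1, "198.51.100.53", 53, "192.0.2.10", 40000, 300),   # its solicited reply
    (2.0, "198.51.100.77", 1900, "192.0.2.10", 5000, 400),  # stray SSDP packet
] + [(3.0 + i, f"203.0.113.{i + 1}", 123, "192.0.2.10", 33000 + i, 40_000)
     for i in range(5)]                                     # NTP responses nobody requested

if __name__ == "__main__":
    alerts = find_reflection_victims(SAMPLE_FLOWS, LOCAL_HOSTS)
    for (host, proto), (nbytes, count) in alerts.items():
        print(f"{host}: {nbytes} unsolicited {proto} bytes from {count} reflectors")
```
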
Final Word
In this article, we briefly talked about the definition of DrDoS and how the attack is carried out. Thanks for following us!