A Distributed Reflection Denial of Service (DrDoS) attack is carried out by sending forged requests whose source address has been changed to the address of the attacker's target computer system, so that the responses are directed at the target.
DrDoS (Distributed Reflection Denial of Service)
DoS attacks are performed to stop the target computer from providing its services. In our previous article, we briefly talked about what DoS and DDoS are. In this article, we will talk about Distributed Reflection Denial of Service attacks.
DrDoS is a type of DDoS attack; the biggest difference is that it works by deception, changing the source address of the requests to the target computer's address. These attacks are among the most effective and long-lasting attacks.
As in DDoS attacks, these attacks are carried out using groups of many computers. Through these groups, the attack traffic is directed at, or reflected toward, the victim computer.
In this attack type, server computers (the reflectors) are used in addition to end-user computers.
Protocols Used in the Attack
The protocols used in the attack are listed below.
1. DNS (Domain Name System)
2. NTP (Network Time Protocol)
3. SNMP (Simple Network Management Protocol)
4. CHARGEN (Character Generator Protocol)
Attackers control the Handlers that carry out the attack. The main intent of the attacker is to shut down the services of the victim computer.
Masters (Handlers) control the Slave machines and prepare them for the attack.
The Slave machines, under the Handlers' control, send requests to the Reflectors with the victim computer's IP address as the source address.
The Reflector machines then send their response packets to the victim computer, producing a large volume of traffic.
The victim can be a server or an ordinary computer. During the attack, the victim computer's services become inaccessible to the users who would normally reach them.
How to Prevent These Attacks?
It is almost impossible to prevent these attacks entirely. However, to mitigate them, devices such as a firewall and an intrusion detection system are required in the network environment.
To prevent or mitigate such attacks, the following solutions can be applied.
1. Internet Service Providers must drop UDP traffic that carries spoofed source IP addresses.
2. Network traffic should be monitored continuously so that attacks can be anticipated.
3. You must use DNSSEC extensions to prevent DNS-based attacks.
4. If the network is not a business environment that needs them, the services for the protocols listed above should be disabled.
5. System updates should always be performed to avoid these attacks.
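Item 2 above calls for continuous traffic monitoring. The script below is an added example (not part of the original article) of what that monitoring can look for: hosts that receive replies from the DNS, NTP, SNMP and CHARGEN service ports from many distinct reflectors without having sent matching requests themselves, which is the signature of the spoofed-source reflection described above. The flow records and thresholds are constructed for illustration.

```python
from collections import defaultdict

# UDP services the article lists as reflectors, keyed by their service port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 19: "CHARGEN"}

# Constructed flow records (src_ip, src_port, dst_ip, dst_port, bytes); not real traffic.
FLOWS = [
    ("198.51.100.10", 53,  "203.0.113.5", 4444, 3200),  # DNS reply the victim never requested
    ("198.51.100.11", 53,  "203.0.113.5", 4444, 3100),
    ("198.51.100.12", 123, "203.0.113.5", 4444, 4800),  # NTP reply
    ("198.51.100.13", 161, "203.0.113.5", 4444, 2900),  # SNMP reply
    ("198.51.100.14", 19,  "203.0.113.5", 4444, 1500),  # CHARGEN stream
    ("198.51.100.15", 53,  "203.0.113.5", 4444, 3000),
    ("192.0.2.8", 51000, "192.0.2.7", 53, 60),          # ordinary DNS query ...
    ("192.0.2.7", 53, "192.0.2.8", 51000, 120),         # ... and its reply
]

def detect_reflection(flows, min_reflectors=5, min_ratio=10.0):
    """Return {victim_ip: summary} for hosts that receive reflector-port replies from
    many distinct hosts while having sent far fewer request bytes to those services."""
    inbound = defaultdict(lambda: {"reflectors": set(), "services": set(), "bytes": 0})
    requested = defaultdict(int)  # bytes each host itself sent *to* reflector ports
    for src_ip, src_port, dst_ip, dst_port, nbytes in flows:
        if src_port in REFLECTOR_PORTS:        # reply coming from a reflector service
            stats = inbound[dst_ip]
            stats["reflectors"].add(src_ip)
            stats["services"].add(REFLECTOR_PORTS[src_port])
            stats["bytes"] += nbytes
        elif dst_port in REFLECTOR_PORTS:      # request the host sent on its own behalf
            requested[src_ip] += nbytes
    alerts = {}
    for victim, stats in inbound.items():
        # A spoofed victim sent no requests, so the reply/request ratio explodes.
        ratio = stats["bytes"] / max(requested[victim], 1)
        if len(stats["reflectors"]) >= min_reflectors and ratio >= min_ratio:
            alerts[victim] = {"reflectors": len(stats["reflectors"]),
                              "services": sorted(stats["services"]),
                              "reply_bytes": stats["bytes"],
                              "amplification": round(ratio, 1)}
    return alerts

if __name__ == "__main__":
    for victim, info in detect_reflection(FLOWS).items():
        print(f"possible DrDoS against {victim}: {info}")
```

The legitimate query/reply pair from 192.0.2.8 stays below both thresholds, so only the spoofed host is reported; tune the thresholds to the normal traffic of the network being monitored.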
In this article, we briefly talked about the definition of DrDoS and how the attack is carried out. Thanks for following us!