UDP amplification attacks, which US-CERT also terms “distributed reflective denial-of-service” (DRDoS) attacks, are a type of DDoS attack that relies on spoofed requests being reflected off third-party servers at the victim. The DNS variant of DRDoS abuses the Domain Name System (DNS) protocol: DNS servers reachable from the Internet are tricked into answering small forged queries with large responses aimed at the target. DRDoS is the stronger, uglier version of a plain DDoS flood.


DrDoS DNS Reflection Attacks Analysis

A Distributed Denial of Service (DDoS) attack is a method of making online services unavailable to their intended users by overwhelming a target server with more junk traffic than it can possibly handle. These attacks are typically carried out using botnets to increase their effectiveness. DDoS attacks have grown in scale and intensity over the past years and their effects are felt widely; one example is the Mirai botnet that disrupted the U.

A UDP amplification vulnerability exists when a publicly reachable UDP-based service, such as DNS, returns more data to the requester than it received in the request. UDP amplification attacks rely on the fact that UDP is a connectionless protocol: there is no handshake, so the server cannot verify that the source address in an IP packet belongs to the host that actually sent it.


The attacker therefore spoofs the target's IP address as the source, sends a large number of requests from that spoofed address to its known list of vulnerable UDP server endpoints, and waits for those servers to send their set of larger responses back to the target IP address.

A 4-byte spoofed UDP request that elicits a response many times larger achieves a correspondingly large bandwidth amplification factor (BAF), defined as response bytes divided by request bytes. DNS is not the only service that can be abused; other application-layer UDP protocols are open to the same reflection. Potential attack vectors include: The impact is apparent when such attacks are able to prevent large business or government websites from providing their systems and services to employees, customers and the general population.
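To make the request/response asymmetry concrete, the following added example (not code from the original page) builds a real wire-format DNS ANY query, pairs it with a constructed reflector reply containing a handful of large TXT records, and computes the BAF both on UDP payloads and on the wire (IP/UDP headers and fragmentation included). The zone contents, the EDNS0 buffer size and the Ethernet MTU are assumptions for illustration.

```python
import struct

# Assumed EDNS0 OPT pseudo-record advertising a 4096-byte UDP buffer, so the
# reflector is willing to answer with more than the classic 512-byte limit.
OPT_RECORD = b"\x00" + struct.pack(">HHIH", 41, 4096, 0, 0)
IP_HEADER, UDP_HEADER = 20, 8
MTU_PAYLOAD = 1500 - IP_HEADER - UDP_HEADER  # assumed Ethernet path: 1472-byte UDP payload


def encode_name(name: str) -> bytes:
    """RFC 1035 label encoding: length byte + label, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_dns_query(name: str, qtype: int = 255, txid: int = 0x1234) -> bytes:
    """Minimal wire-format DNS query. qtype 255 (ANY) historically returned every
    record at the name, which is why it was the favourite for amplification."""
    # flags 0x0100 = RD set; 1 question, 0 answers, 0 authority, 1 additional (OPT)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1) + OPT_RECORD  # QCLASS=IN


def question_section(query: bytes) -> bytes:
    """Return the question section (QNAME + QTYPE + QCLASS) so a reply can echo it."""
    i = 12
    while query[i]:            # walk labels until the zero-length terminator
        i += query[i] + 1
    return query[12:i + 1 + 4]


def build_dns_response(query: bytes, txt_values: list, ttl: int = 3600) -> bytes:
    """Constructed reflector reply: one TXT record per value, each naming the owner
    with a compression pointer (0xC00C) to the QNAME. Not a real server's output."""
    # flags 0x8180 = QR, RD, RA; echoes the question, answers, no authority, OPT
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, len(txt_values), 0, 1)
    answers = b""
    for value in txt_values:
        chunks = [value[i:i + 255] for i in range(0, len(value), 255)]  # TXT character-strings
        rdata = b"".join(bytes([len(c)]) + c for c in chunks)
        answers += b"\xc0\x0c" + struct.pack(">HHIH", 16, 1, ttl, len(rdata)) + rdata
    return header + question_section(query) + answers + OPT_RECORD


def bandwidth_amplification(request: bytes, response: bytes) -> dict:
    """BAF = bytes the reflector sends to the victim / bytes the attacker sends.
    payload_baf compares UDP payloads; wire_baf adds one IP header per fragment
    plus one UDP header to the response, and IP+UDP headers to the request."""
    fragments = -(-len(response) // MTU_PAYLOAD)   # ceiling division
    wire_resp = len(response) + fragments * IP_HEADER + UDP_HEADER
    wire_req = len(request) + IP_HEADER + UDP_HEADER
    return {
        "payload_baf": round(len(response) / len(request), 1),
        "wire_baf": round(wire_resp / wire_req, 1),
        "response_fragments": fragments,
    }


def demo() -> dict:
    query = build_dns_query("example.com", qtype=255)
    # Constructed zone: six TXT records of 1020 bytes each (SPF/DKIM-style bloat).
    response = build_dns_response(query, [b"v=spf1 " + b"x" * 1013] * 6)
    return bandwidth_amplification(query, response)


if __name__ == "__main__":
    print(demo())
```

The 40-byte query versus a 6256-byte reply gives a payload BAF above 150 and, because the reply is split into five fragments that each carry their own IP header, a wire BAF above 90; the victim receives five packets for every one the attacker sent, which is also why fragment floods accompany DNS reflection.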

The intensity of a DRDoS attack is limited only by the number of systems the attacker controls, the number of publicly reachable UDP servers known to be susceptible to amplification, and the size of the responses those vulnerable servers send back.

DDoS attacks and their results are relatively easy and cheap to produce.

With the influx of Internet of Things devices and the insecure practices of vendors racing to be first to market, attackers can easily find and exploit vulnerabilities to build the botnets that drive this illegal industry. It is important for network administrators and Internet Service Providers to implement anti-spoofing controls (ingress filtering of the kind BCP 38 describes) and to follow best security practices from reliable sources.


UDP amplification attacks succeed because UDP source addresses can be spoofed: the attacker sends a large number of spoofed requests to vulnerable public servers, which reflect them by answering the relatively small requests with much larger responses directed at the victim, amplifying the effect. With good network practices followed by Internet Service Providers and network administrators, however, these attacks can be mitigated.

Use network flow to detect spoofed packets. Use network flow or other summarized network data to monitor for an unusual number of requests to at-risk UDP services.


Use network flow to detect service anomalies. Regularly update software and configurations to deny or limit abuse. Disable and remove unwanted services, or deny Internet access to services that are only meant for local use.

Use traffic shaping or rate limiting on UDP service requests to ensure that repeated access to Internet-facing resources is not abusive.
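The two flow-based recommendations above (detect spoofed packets, and detect an unusual volume of requests to at-risk UDP services) can both be checked from summarized NetFlow-style records. The following is an added example, not code from the original page: it runs an egress anti-spoofing check (a packet leaving our border must carry a source address we own) and a reflection check (a single peer sending many tiny requests to an at-risk port and receiving far more bytes back). The prefixes, port list, thresholds and flow records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed: the address space this network is authorised to originate (documentation prefixes).
OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
# UDP services commonly abused as reflectors: DNS, NTP, SNMP, SSDP, memcached.
AT_RISK_UDP_PORTS = {53, 123, 161, 1900, 11211}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    bytes: int
    egress: bool  # True if the flow was observed leaving our border toward the Internet


# Constructed sample flow records (not real captures).
FLOWS = [
    Flow("203.0.113.5", 40001, "192.0.2.53", 53, "udp", 3, 180, False),        # ordinary client query
    Flow("192.0.2.53", 53, "203.0.113.5", 40001, "udp", 3, 600, True),         # ordinary answer
    Flow("203.0.113.77", 5353, "192.0.2.53", 53, "udp", 500, 20000, False),    # queries "from" the victim
    Flow("192.0.2.53", 53, "203.0.113.77", 5353, "udp", 500, 1600000, True),   # amplified replies to victim
    Flow("203.0.113.77", 7777, "203.0.113.10", 123, "udp", 200, 9600, True),   # bot inside our net spoofing
    Flow("192.0.2.10", 51000, "203.0.113.9", 443, "tcp", 40, 30000, True),     # unrelated TCP egress
]


def is_ours(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OUR_PREFIXES)


def spoofed_egress(flows):
    """Anti-spoofing check: anything leaving our border with a foreign source address
    is either a misconfiguration or a host in our network launching reflection traffic."""
    return [f for f in flows if f.egress and not is_ours(f.src)]


def reflection_candidates(flows, min_requests=100, min_ratio=10.0):
    """Pair inbound requests to an at-risk UDP port with the replies our servers sent
    back to the same peer. A peer that sends many small requests and receives far more
    bytes in return is a spoofed victim or a scanner; either way we are the reflector."""
    req = defaultdict(lambda: [0, 0])   # (peer, port) -> [packets, bytes]
    resp = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.proto != "udp":
            continue
        if not f.egress and f.dport in AT_RISK_UDP_PORTS and is_ours(f.dst):
            req[(f.src, f.dport)][0] += f.packets
            req[(f.src, f.dport)][1] += f.bytes
        elif f.egress and f.sport in AT_RISK_UDP_PORTS and is_ours(f.src):
            resp[(f.dst, f.sport)][0] += f.packets
            resp[(f.dst, f.sport)][1] += f.bytes
    hits = []
    for (peer, port), (req_pkts, req_bytes) in req.items():
        _, resp_bytes = resp.get((peer, port), (0, 0))
        ratio = resp_bytes / req_bytes if req_bytes else 0.0
        if req_pkts >= min_requests and ratio >= min_ratio:
            hits.append({"peer": peer, "port": port, "requests": req_pkts, "byte_ratio": round(ratio, 1)})
    return hits


if __name__ == "__main__":
    for f in spoofed_egress(FLOWS):
        print("spoofed egress:", f)
    for h in reflection_candidates(FLOWS):
        print("reflection abuse:", h)
```

The ordinary client is filtered out by both thresholds, while the victim address shows up twice: once as the destination of half-megabyte replies from our resolver, and once as the forged source of NTP requests leaving our network, which is the signal the anti-spoofing filter at the border should have dropped.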