
Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory.

“The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack,” Akamai researchers said in a report published Tuesday.

“This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint,” the researchers added.

A distributed reflective denial-of-service (DRDoS) attack is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and their bandwidth amplification factors (BAFs) to overwhelm a victim's system with a high volume of UDP responses. UDP is the classic vehicle because it is connectionless: a reflector answers a request whose source address has been forged without any handshake, which is why reflecting and amplifying TCP traffic through middleboxes is the notable part of the new technique.

In these attacks, the adversary sends a flood of DNS or NTP requests to the open reflectors with the source IP address forged to that of the target, so the servers deliver their responses, which are far larger than the requests that triggered them, to the host residing at the spoofed address, exhausting the bandwidth available to the target.
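The traffic pattern described above is easy to recognise from flow records on the victim's side: a local host receives large volumes from well-known reflector service ports (53, 123, 1900, 11211) that it never sent matching requests to. The following is an added example, not code from the Akamai report or this article; the flow records are constructed, the 203.0.113.0/24 "local" prefix, the port-to-service table and the thresholds are assumptions chosen for illustration.

```python
"""Flow-level detector for UDP reflection/amplification (DRDoS) traffic.

Added example; the flow records below are constructed, not a real capture.
A flow is one direction of a conversation as a NetFlow/IPFIX collector would
export it.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


# Assumption: these are the reflector service ports we care about.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}

# Assumption: 203.0.113.0/24 is our own network (documentation range).
LOCAL_PREFIX = "203.0.113."

# Constructed sample flows.
SAMPLE_FLOWS = [
    # Benign: 203.0.113.20 sends one DNS query and gets a modest reply.
    Flow("203.0.113.20", 51234, "198.51.100.5", 53, "udp", 64),
    Flow("198.51.100.5", 53, "203.0.113.20", 51234, "udp", 120),
    # Victim: 203.0.113.10 sent nothing, yet several resolvers and an NTP
    # server answer it with large responses. The attacker forged its address
    # as the source of the requests it sent to those reflectors.
    Flow("198.51.100.5", 53, "203.0.113.10", 80, "udp", 3800),
    Flow("198.51.100.6", 53, "203.0.113.10", 80, "udp", 3900),
    Flow("198.51.100.7", 53, "203.0.113.10", 80, "udp", 4100),
    Flow("198.51.100.8", 123, "203.0.113.10", 80, "udp", 4400),
]


def bandwidth_amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """BAF: bytes delivered to the victim per byte the attacker had to send.

    A BAF of 75 means the attacker needs 1/75th of the victim-facing bandwidth.
    A host that sent no request at all has an unbounded ratio.
    """
    if request_bytes <= 0:
        return float("inf")
    return response_bytes / request_bytes


def detect_reflection(flows, min_baf=10.0, min_reflectors=2):
    """Return {victim_ip: report} for local hosts whose inbound traffic from
    reflector service ports dwarfs what they sent to those services.

    Requiring several distinct reflectors filters out a single chatty server.
    """
    inbound = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    outbound = defaultdict(int)
    for f in flows:
        if f.dst_ip.startswith(LOCAL_PREFIX) and f.src_port in REFLECTOR_PORTS:
            rec = inbound[f.dst_ip]
            rec["bytes"] += f.nbytes
            rec["reflectors"].add(f.src_ip)
            rec["services"].add(REFLECTOR_PORTS[f.src_port])
        elif f.src_ip.startswith(LOCAL_PREFIX) and f.dst_port in REFLECTOR_PORTS:
            outbound[f.src_ip] += f.nbytes

    alerts = {}
    for ip, rec in inbound.items():
        baf = bandwidth_amplification_factor(outbound.get(ip, 0), rec["bytes"])
        if baf >= min_baf and len(rec["reflectors"]) >= min_reflectors:
            alerts[ip] = {
                "baf": baf,
                "inbound_bytes": rec["bytes"],
                "reflectors": sorted(rec["reflectors"]),
                "services": sorted(rec["services"]),
            }
    return alerts


if __name__ == "__main__":
    for victim, report in detect_reflection(SAMPLE_FLOWS).items():
        print(f"reflection attack against {victim}: {report}")
```

The check is deliberately asymmetric: it compares what a host received from reflector ports with what it sent to them, because the requests that triggered the responses were sent by the attacker with the victim's forged source address and never cross the victim's network edge. It does not cover the TCP middlebox variant, where the reflected traffic arrives from source ports 80 and 443 and would have to be separated from legitimate web responses, and it does nothing about the root cause, which is networks that let spoofed source addresses leave (BCP 38 egress filtering).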
