Distributed Reflection DoS (DRDoS)
Distributed reflection DoS (DRDoS) is an attack in which a malicious request to a legitimate server is created and sent as a link to the victim, so that a server-side flaw causes the malicious component to run on the target’s browser.
- type of reflection attack
- A more powerful TCP SYN flood attack
- how it works
  - adversary spoofs the victim’s IP address
  - attempts to open connections with multiple servers
  - servers direct their SYN/ACK responses to the victim server
  - rapidly consumes the victim’s available bandwidth
- example of this technique
  - bombard a victim network with responses to bogus DNS queries
- advantage
  - while the request is small, the response to a DNS query can be made to include a lot of information
  - effective way of overwhelming the bandwidth of a network
- NTP can be abused in a similar way