Reflection DDoS Attack
A DDoS attack where the attacker exploits publicly available services to amplify the attack traffic.
Understanding:
A Reflection DDoS attack exploits vulnerable services to amplify malicious traffic by reflecting it toward a target. Attackers send small requests with a forged source address, and the services answer with large response packets directed at the victim, overwhelming the victim’s network.
Common Applications and Use Cases:
DNS Reflection Attacks – Attackers abuse misconfigured DNS servers to generate large responses.
NTP & SSDP Reflection – Attackers amplify DDoS traffic using publicly available NTP and SSDP services.
SMB & LDAP Reflection – Used to disrupt enterprise environments.
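
From the victim's side, reflected traffic appears as large UDP responses from service ports such as DNS, NTP, SSDP or LDAP that no local host requested. The following detection sketch is an added example, not part of the original entry; the flow-record fields, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# UDP source ports of the services this page names (DNS, NTP, SSDP, LDAP).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 389: "LDAP"}

def find_reflection_victims(flows, local_hosts, min_bytes=10_000, min_reflectors=3):
    """Return {victim_ip: {"bytes": n, "reflectors": k, "services": [...]}}.

    A flow is a dict with src, sport, dst, dport, bytes (UDP only, assumed schema).
    A response is unsolicited when no local host previously sent a request
    from that local address/port to that remote address/port.
    """
    requested = set()  # (local_ip, local_port, remote_ip, remote_port)
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for f in flows:  # flows are assumed to arrive in time order
        if f["src"] in local_hosts:
            requested.add((f["src"], f["sport"], f["dst"], f["dport"]))
            continue
        if f["dst"] not in local_hosts or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["dport"], f["src"], f["sport"]) in requested:
            continue  # answer to a request a local host really sent
        s = stats[f["dst"]]
        s["bytes"] += f["bytes"]
        s["reflectors"].add(f["src"])
        s["services"].add(REFLECTOR_PORTS[f["sport"]])
    # Flag only hosts hit by enough volume from enough distinct reflectors.
    return {
        ip: {"bytes": s["bytes"], "reflectors": len(s["reflectors"]),
             "services": sorted(s["services"])}
        for ip, s in stats.items()
        if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors
    }

# Constructed sample flows (documentation address ranges, not real traffic).
LOCAL = {"192.0.2.10", "192.0.2.20"}
SAMPLE_FLOWS = [
    # Legitimate DNS lookup by 192.0.2.20 and its answer.
    {"src": "192.0.2.20", "sport": 40000, "dst": "198.51.100.53", "dport": 53, "bytes": 70},
    {"src": "198.51.100.53", "sport": 53, "dst": "192.0.2.20", "dport": 40000, "bytes": 300},
    # Large DNS and NTP answers to 192.0.2.10, which never sent a request.
    {"src": "203.0.113.1", "sport": 53, "dst": "192.0.2.10", "dport": 50000, "bytes": 4000},
    {"src": "203.0.113.2", "sport": 53, "dst": "192.0.2.10", "dport": 50000, "bytes": 4000},
    {"src": "203.0.113.3", "sport": 123, "dst": "192.0.2.10", "dport": 50000, "bytes": 4400},
]

if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS, LOCAL))
```

The thresholds need tuning against a site's normal traffic; a busy resolver or NTP client produces many solicited responses, which the request-matching step excludes.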
Best Practices and Security Considerations:
Block Spoofed Traffic Using BCP38 Filtering – Prevents IP spoofing.
Rate-Limit Requests on Public Servers – Reduces amplification risks.
Disable Unused UDP Services – Mitigates exposure to reflection-based attacks.