Computrad WAN Blog Reflective DDoS

Reflective DDoS

Reflective DDoS is the ability to mount a DDoS attacked on a target from a trusted host making this type of attack difficult to detect and resolve without causing undesirable effects.

For example an attacker would mount a DDoS attack, such as a SYN flood attack on a corporate DNS server and have the attack be spoofed by a IP address that sits within the trust zone of that company.

So what effectively happens is that the DNS server, if not bought down by the tirade of SYN floods, is then sending SYN ACKS to this 'spoofed' IP address which happens to be a trusted host on that network. To this host, it now appears that the DNS server is the attacker because of amount of SYN ACKS it is sending!

What does this mean? By the time your IPS solution picks up the real attack and blocks it, it also then blocks the DNS server as that is seen as a compromised node / DDoS source.

A massive corporate without a DNS server? Ouch!

DNS server is just an example, it could be a crucial web server or domain controllers. It can also be a multicast DDoS attack, so a number of trusted hosts are spoofed thereby folding the ramifications of this type of attack.

Reflective DDoS is a cunning attack that nearly all IPS solutions can not counter due to them being threshold centric.

Computrad Europe Ltd specialises in DDoS mitigation solutions and have done so for the US military and e-gaming verticals with success.

Speak to Computrad today to see how we can help!

Written By:
Sunny Gill (WAN Optimisation and Security Consultant)

Related Tags

• Networking
• DDoS
• Denial of Service
• Mitigation
• High Avaliability

8 Comments on Reflective DDoS

Feel free to leave a comment on any issue regarding the blog itself or 10 Most Common WAN Mistakes.

Name:
Comment:
Validation:	Please type the code to the left in the box to the right of it

 

air max shoes says: Tuesday 31st August 2010 (5:38AM)

nike shox R4
Nike air max
Air max shoes
men air jordans
Discount Air Max
air jordans shoes
cheap nike shox R4
discount air jor

chanel handbags says: Tuesday 31st August 2010 (5:37AM)

handbags
guess handbags
fashion handbags
gucci handbags
fashion handbags
chanel handbags
chanel bags sale
ugg boots sale says: Monday 30th August 2010 (11:07AM)

fashion ugg pink,ugg boots sale,ugg 5815,ugg 5825 "is getting "green". ugg boots sale ugg classic tall,ugg slippers, ugg boots tall,uggs on sale,ugg pink,ugg boots sale,ugg 5815,ugg 5825 "is getting "green". ugg boots sale ugg classic tall,ugg slippers, ugg boots tall,uggs on sale,

Citrix Fast Launch Utility Released Using this recently released utility, expedites the application launch experience for end users using Citrix XenApp

Greenford High School picks a winner with Palo Alto Networks

XenServer snapshot backups Utlising the new snapshot technology in XenServer

Applipedia is now available on the iPhone! Palo Alto Networks brings it to the iPhone world!

About DDOS TCP-SYN attacks and how to create a TCP-SYN attack Good article about TCP-Syn attacks and how to simualte one

Cisco Guard DDoS alternatives Considering the options

Reflective DDoS A new type of DDoS attack guaranteed to cause CARNAGE!

Painful truth about DDoS

Archives

• April 2009
• August 2009
• February 2009
• January 2010
• July 2009
• June 2009
• March 2009
• March 2010
• May 2009
• May 2010
• September 2009

Categories

• General
• Techniques
• News
• Technology

Authors

• Daniel Almond (Solutions Architect)
• Johan Carstens (Application Delivery Guru)
• Sunny Gill (WAN Optimisation and Security Consultant)

Contact

Tel: +44 (0)208 997 9888
Email: sales@computrad.co.uk

Bookmark & Share

GSA Schedule