Security Dose: Reflection & Amplification Attack!

Security Dose: Reflection & Amplification Attack

We are here once again to explain another type of attack in the network which is called a reflection attack. It sometimes looks like a spoofing attack, as discussed earlier. In a spoof attack, the attacker replaces the source address of the packet with an unknown IP address and sends it to the target. 

Targets respond to the packet and the packet is not acknowledged as the destination is unknown. However, in a reflection attack, the attacker changes the source address of the packet to a known address on the network. This known device on the network is called a reflector.

⭐Related : Security Dose: Denial-of-Service Attack
⭐Related : Security Dose: Snooping Attack

Figure 1: Reflection Attack
Figure 1: Reflection Attack

At first glance, it may look less harmful as it is targeting only a single host on the network. The malicious traffic on the network is in proportion to the traffic generated by the attacker.

The more complex form of reflection attack is an amplification attack with multiple reflectors on the network. In an amplification attack, by some means, an attacker can send huge traffic to multiple reflectors on the network. In an amplification attack attacker's effort is to disrupt the target or bring the network to its knees with excessive traffic. 

A common target for an amplification attack is the DNS and NTP, where excessive traffic is generated that causes enormous bandwidth consumption on the network.

⭐Related : Security Dose - Basic Security Scenario and Terminologies!
⭐Related : Cybersecurity : DLL hijacking in 8 Steps

Hope you find this informative!

   Continue Reading...