Security Dose: Reflection & Amplification Attack!
Security Dose: Reflection & Amplification Attack
We are here once again to explain another type of attack in the network which is called a reflection attack. It sometimes looks like a spoofing attack, as discussed earlier. In a spoof attack, the attacker replaces the source address of the packet with an unknown IP address and sends it to the target.
Targets respond to the packet and the packet is not acknowledged as the
destination is unknown. However, in a reflection attack, the attacker changes
the source address of the packet to a known address on the network. This known
device on the network is called a reflector.
⭐Related : Security Dose: Denial-of-Service Attack
⭐Related : Security Dose: Snooping Attack
![]() |
Figure 1: Reflection Attack |
At first glance, it may look less harmful as it is targeting
only a single host on the network. The malicious traffic on the network is in
proportion to the traffic generated by the attacker.
The more complex form of reflection attack is an amplification attack with multiple reflectors on the network. In an amplification attack, by some means, an attacker can send huge traffic to multiple reflectors on the network. In an amplification attack attacker's effort is to disrupt the target or bring the network to its knees with excessive traffic.
A common target for an
amplification attack is the DNS and NTP, where excessive traffic is generated
that causes enormous bandwidth consumption on the network.
⭐Related : Security Dose - Basic Security Scenario and Terminologies!
⭐Related : Cybersecurity : DLL hijacking in 8 Steps
Hope you find this informative!