UDP-Based Amplification Attacks (overwhelming a victim’s system with UDP traffic)

LASER_oneXM

Systems Affected
Certain application-layer protocols that rely on the User Datagram Protocol (UDP) have been identified as potential attack vectors. These include:

  • Domain Name System (DNS),
  • Network Time Protocol (NTP),
  • Connection-less Lightweight Directory Access Protocol (CLDAP),
  • Character Generator Protocol (CharGEN),
  • Simple Service Discovery Protocol (SSDP),
  • BitTorrent,
  • Simple Network Management Protocol version 2 (SNMPv2),
  • Kad,
  • Portmap/Remote Procedure Call (RPC),
  • Quote of the Day (QOTD),
  • Multicast Domain Name System (mDNS),
  • Network Basic Input/Output System (NetBIOS),
  • Quake Network Protocol,
  • Steam Protocol,
  • Routing Information Protocol version 1 (RIPv1),
  • Lightweight Directory Access Protocol (LDAP),
  • Trivial File Transfer Protocol (TFTP), and
  • Memcache.

Overview

A distributed reflective denial-of-service (DRDoS) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim’s system with UDP traffic.

Detection

Detection of DRDoS attacks is not easy because of their use of large, trusted servers that provide UDP services. Network operators of these exploitable services may apply traditional DoS mitigation techniques. To detect a DRDoS attack, watch out for abnormally large responses to a particular IP address, which may indicate that an attacker is using the service.

There are a few things victims of DRDoS attacks can do to detect such activity and respond:
..
....
...
......
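
Added example, not part of the original post: one way an operator of a UDP service could apply the check from the Detection section, totalling request and response bytes per client and flagging clients that receive abnormally large responses. The flow-record layout, the thresholds and the function name `find_large_responders` are assumptions; the sample records are constructed and use documentation address ranges.

```python
from collections import defaultdict

# Default UDP ports for some of the protocols listed in the post.
SERVICE_PORTS = {19: "CharGEN", 53: "DNS", 123: "NTP", 161: "SNMPv2",
                 389: "CLDAP", 1900: "SSDP", 11211: "Memcache"}

# Constructed flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, 48),     # small request
    ("192.0.2.10", 123, "198.51.100.7", 40000, 4460),   # very large response
] * 4 + [
    ("203.0.113.5", 51000, "192.0.2.10", 123, 48),      # ordinary NTP exchange
    ("192.0.2.10", 123, "203.0.113.5", 51000, 48),
    ("203.0.113.9", 52000, "192.0.2.53", 53, 60),       # ordinary DNS exchange
    ("192.0.2.53", 53, "203.0.113.9", 52000, 180),
]

def find_large_responders(flows, servers, min_bytes=10_000, min_ratio=10.0):
    """Return clients that received abnormally large responses from our servers.

    servers: IP addresses of the UDP servers we operate (assumed known).
    min_bytes / min_ratio: illustrative thresholds; tune them to a baseline.
    """
    requests, responses = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst in servers and dport in SERVICE_PORTS:
            requests[(dst, dport, src)] += size      # client -> server
        elif src in servers and sport in SERVICE_PORTS:
            responses[(src, sport, dst)] += size     # server -> client
    findings = []
    for (server, port, client), sent in responses.items():
        received = requests.get((server, port, client), 0)
        # No request seen at all counts as an unbounded ratio.
        ratio = sent / received if received else float("inf")
        if sent >= min_bytes and ratio >= min_ratio:
            findings.append({"server": server, "service": SERVICE_PORTS[port],
                             "client": client, "request_bytes": received,
                             "response_bytes": sent, "ratio": ratio})
    return sorted(findings, key=lambda f: f["response_bytes"], reverse=True)

if __name__ == "__main__":
    for f in find_large_responders(SAMPLE_FLOWS, {"192.0.2.10", "192.0.2.53"}):
        print(f"{f['service']} on {f['server']}: {f['response_bytes']} bytes to "
              f"{f['client']} for {f['request_bytes']} requested "
              f"(ratio {f['ratio']:.1f})")
```
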
 
