DRDoS - Distributed Reflective Denial of Service


What is DRDoS?

A DoS attack floods a system with requests to such an extent that legitimate requests from other systems or users can no longer be processed and, in the worst case, the system collapses completely.

DoS attacks are still popular methods today, for example to damage competitors. Alternatively, such Denial of Service attacks are linked to a ransom demand (referred to as Ransom Denial of Service) in exchange for making services accessible again. Like any cyber attack, the classic DoS attack has evolved over the years; one result is the well-known Distributed Reflective Denial of Service, or DRDoS for short.


1. What constitutes DRDoS?

Compared to the "normal" DoS attack, in which an attacker sends requests directly from a system or a botnet to its victim, in a DRDoS attack the requests are not sent directly to the actual target. Rather, an attacker exploits the insecure behavior of UDP protocols, which - unlike TCP-based protocols - lack the handshake to determine whether the recipient is ready to receive the data.

This allows an attacker to query other network services such as DNS, NTP, etc. using the victim's IP address as the source address. These services then send their responses to the victim and crash the system with their bulk.

Forging the source IP to impersonate the victim is not a problem for cyber criminals nowadays. There are countless tools circulating on the web that can be used to do just that. Even disabling UDP is not a way to protect oneself from such attacks, because the UDP-based protocols involved are indispensable in modern networks.

The fact that DRDoS attacks are becoming increasingly popular is additionally due to their incredibly high impact. Compared to standard DDoS attacks, DRDoS attacks are also much easier to execute: there is no longer a need for elaborate botnets to carry out the DoS attacks, but only one system that can trigger an avalanche of requests on its own.


2. DRDoS attacks and Memcached exploit

DRDoS attacks were once again the focus of public attention when the Memcached exploit "Memcrashed" became known. The vulnerability in Memcached - a program in which recently retrieved data is stored so that it can be retrieved more quickly when it is requested frequently - made it possible for hackers to have large values stored in the program transferred over UDP. Thus, small requests to the program resulted in huge responses, which could be used for DoS attacks on an unprecedented scale.


3. Prevent DRDoS attacks

Active protection against the dreaded DRDoS attacks cannot be achieved. Protocols like DNS and NTP still rely on UDP, and modern systems in turn rely on DNS, NTP and similar services, so networks cannot do without it. Nevertheless, some safeguards can be implemented that let you detect DRDoS attacks.

The first step should be to establish solid basic security so that critical systems in particular cannot be accessed from the outside or can only be reached from secure sources or via VPN. In addition, monitoring tools should be used for support.

Tools that monitor and analyze network traffic, such as a firewall, are a solid way to detect DRDoS attacks of any kind before they can cause critical damage to systems. In addition, IDS / IPS systems and WAFs enforce a timeout on originating IP addresses and thus also protect against DRDoS attacks. It is also advisable to hide certain services behind CDN networks, such as Cloudflare, to give them an additional, separate layer of protection.
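The traffic analysis described in this section can be sketched as follows; this is an added example, not code from the original article. It flags hosts that receive bulk UDP traffic from DNS, NTP or Memcached source ports without having sent a matching request. The flow-record layout, the thresholds and the sample addresses are assumptions.

```python
from collections import defaultdict

# UDP source ports of the services the article names (DNS, NTP, Memcached).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 11211: "Memcached"}

def find_reflection_targets(flows, min_bytes=100_000, min_reflectors=3):
    """Return hosts receiving bulk UDP 'responses' they never requested.

    flows: iterable of dicts with src, sport, dst, dport, proto, bytes
    (hypothetical flow-record layout; thresholds are assumed defaults).
    """
    flows = list(flows)
    # Pass 1: remember which host queried which server on a reflector port.
    requested = {(f["src"], f["dst"], f["dport"]) for f in flows
                 if f["proto"] == "udp" and f["dport"] in REFLECTOR_PORTS}
    # Pass 2: add up responses that match no recorded request.
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["src"], f["sport"]) in requested:
            continue  # solicited reply to the host's own query
        s = stats[f["dst"]]
        s["bytes"] += f["bytes"]
        s["reflectors"].add(f["src"])
        s["services"].add(REFLECTOR_PORTS[f["sport"]])
    # Alert only on volume arriving from several distinct reflectors at once.
    return {ip: {"bytes": s["bytes"], "reflectors": len(s["reflectors"]),
                 "services": sorted(s["services"])}
            for ip, s in stats.items()
            if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors}

def _flow(src, sport, dst, dport, nbytes):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": "udp", "bytes": nbytes}

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    # Four Memcached servers "answer" a host that never queried them.
    *[_flow(f"198.51.100.{i}", 11211, "203.0.113.10", 40000 + i, 60_000)
      for i in range(1, 5)],
    # Ordinary DNS lookup and its reply: solicited, so ignored.
    _flow("203.0.113.20", 50123, "192.0.2.53", 53, 70),
    _flow("192.0.2.53", 53, "203.0.113.20", 50123, 512),
    # One stray NTP packet: unsolicited but far below the thresholds.
    _flow("192.0.2.123", 123, "203.0.113.30", 50999, 90),
]

if __name__ == "__main__":
    for ip, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(ip, info)
```

Requiring several distinct reflectors in addition to a byte threshold keeps a single misbehaving server or a stray reply from raising an alert.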
