DRDoS – Distributed Reflective Denial of Service

What is DRDoS?

During a DoS attack, a system is flooded with so many requests that regular, important requests from other systems or users can no longer be processed and, in the worst case, the system collapses completely.

DoS attacks are still popular methods today, for example to damage competitors. Alternatively, such denial of service attacks are linked to a ransom demand (referred to as ransom denial of service), with payment demanded before services are made accessible again. Like every cyber attack, the classic DoS attack has also evolved over the years; its variants include the well-known Distributed Reflective Denial of Service, or DRDoS for short.

What constitutes DRDoS?

Compared to the “normal” DoS attack, in which an attacker sends requests to his victim directly from a system or a botnet, in a DRDoS attack the requests are not sent directly to the actual target. Rather, an attacker exploits the insecure behavior of UDP protocols, which - unlike TCP-based protocols - lack a handshake to determine whether the recipient is ready to receive the data.

This allows an attacker to query other network services such as DNS, NTP, etc. using his victim's IP address as the source. Those services then send their replies to the victim and can crash the system through sheer volume.

Faking the source IP to impersonate his victim is no longer a problem for cyber criminals these days. There are countless tools circulating on the internet that can be used to achieve exactly that. Disabling the UDP protocol is also not a solution to protect against such attacks, as it is precisely the UDP-based protocols that are essential in modern networks.

The fact that DRDoS attacks are becoming increasingly popular is also due to their incredibly high impact. Compared to standard DDoS attacks, DRDoS attacks are also much easier to carry out: complex botnets are no longer needed to carry out the DoS attacks, only a single system that can trigger an avalanche of requests on its own.

DRDoS attacks and memcached exploit

DRDoS attacks came into the public eye again when the Memcached exploit "Memcrashed" became known. The security gap in Memcached, a program that stores recently accessed data for faster retrieval during frequent queries, allowed hackers to have large amounts of the values stored in the program forwarded via UDP. Small requests to the program thus led to massive responses, which enabled DoS attacks on a scale never seen before.

Prevent DRDoS attacks

Active protection against the dreaded DRDoS attacks cannot be achieved. Protocols such as DNS and NTP still rely on the UDP protocol, and modern systems in turn rely on DNS, NTP and the like. So modern networks still cannot work without it. However, there are some safeguards that can be implemented that will allow you to detect DRDoS attacks.

First, you should rely on solid basic security so that critical systems in particular cannot be accessed from outside, or can only be reached from secure sources or via VPN. Monitoring tools should also be used to support this.

Using these tools, like a firewall, to observe and analyze network traffic is a solid way to detect any type of DRDoS attack before it can cause critical damage to systems. In addition, IDS / IPS systems and WAFs force a timeout on the originating IP addresses and thus also protect against DRDoS attacks. It is also advisable to hide certain services behind CDN networks such as Cloudflare in order to further protect them.
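
One way to apply the traffic analysis described above, as an added example that is not part of the original article: the Python code below flags hosts that receive UDP replies from DNS, NTP or Memcached ports without having sent a matching query, which is the pattern a reflected attack produces at the victim. The flow-record layout, the thresholds and the addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

# UDP services this page names as reflectors, keyed by well-known port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 11211: "Memcached"}

def find_reflection(flows, protected, reply_window=5.0, min_bytes=5000, min_sources=3):
    """Return alerts for protected hosts receiving unsolicited UDP replies.

    flows: iterable of (time_s, src_ip, src_port, dst_ip, dst_port, size_bytes),
    ordered by time. Thresholds are illustrative assumptions, not tuned values.
    """
    last_query = {}  # (client, server, port) -> time of latest outbound query
    stats = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, src, sport, dst, dport, size in flows:
        if src in protected and dport in REFLECTOR_PORTS:
            last_query[(src, dst, dport)] = ts
        elif dst in protected and sport in REFLECTOR_PORTS:
            asked = last_query.get((dst, src, sport))
            if asked is not None and ts - asked <= reply_window:
                continue  # reply to a query this host really sent
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry["bytes"] += size
            entry["sources"].add(src)
    alerts = []
    for victim, service in sorted(stats):
        entry = stats[(victim, service)]
        if entry["bytes"] >= min_bytes and len(entry["sources"]) >= min_sources:
            alerts.append((victim, service, len(entry["sources"]), entry["bytes"]))
    return alerts

def sample_flows():
    """Constructed flow records using documentation address ranges."""
    victim = "192.0.2.10"
    flows = [
        (0.00, victim, 40000, "198.51.100.53", 53, 60),    # real DNS query
        (0.05, "198.51.100.53", 53, victim, 40000, 120),   # its answer
        (1.00, "198.51.100.123", 123, victim, 123, 468),   # one stray NTP reply
    ]
    for i in range(20):  # Memcached replies nobody at the victim asked for
        flows.append((2.0 + i * 0.01, f"203.0.113.{i % 4 + 1}", 11211, victim, 50000, 1400))
    return flows

if __name__ == "__main__":
    for alert in find_reflection(sample_flows(), {"192.0.2.10"}):
        print("possible DRDoS: victim=%s service=%s reflectors=%d bytes=%d" % alert)
```

The answered DNS query and the single stray NTP reply stay below the alert, while the burst of Memcached replies from several sources is reported.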
