Security Glossary: DDoS

Amplified DDoS Attacks

Amplified DDoS Attacks

Amplification refers to a set of methods to increase the volume of attacks, typically through the abuse of non-suspecting 3rd party servers. A good example of such amplification is DNS amplification, in which queries are made to DNS servers that resolve domain names into IP addresses. When using the UDP protocol, the source IP of queries made to DNS servers is not verified. An attacker can therefore make a short request that yields a much longer response, while providing the IP address of the attacked target instead of the real IP making the request. The DNS server will send a response, which may be 10 or even 50 times longer than the query, to the attack target. Thus attackers can vastly increase the impact of their attacks.

Amplified DDoS attacks are particularly dangerous due to their stealth and potency. The attacker’s ability to use the victim’s IP address as the source of the request makes it challenging to trace the origin of the attack. This technique, known as IP address spoofing, not only masks the attacker’s identity but also misleads the response towards the victim. Consequently, the victim’s network faces an unexpected surge in traffic, leading to service degradation or complete shutdown.

The scalability of amplified DDoS attacks poses a significant threat to internet infrastructure. Attackers can harness multiple servers across the globe, multiplying the attack’s impact. This global reach means that even small-scale attackers can launch devastating assaults on large corporations or critical services. The collateral damage includes not only the targeted entity but also the abused third-party servers, which can suffer from performance issues and a tarnished reputation.

Defensive strategies against amplified DDoS attacks include advanced filtering techniques and network configurations that verify the authenticity of incoming traffic. Organizations can implement rate limiting and anti-spoofing measures to mitigate the effects of such attacks. Additionally, maintaining up-to-date security protocols on servers, especially those providing DNS and NTP services, is crucial to prevent their exploitation. Collaboration among network service providers, cybersecurity experts, and regulatory bodies is essential to develop and enforce standards that reduce the vulnerability of critical internet infrastructure to amplified DDoS attacks.