Remote work Infographic<br />

Listen to The Threat Talks on:

Deep Dive – The most simple DoS attack: Reflection attack

Your cybersecurity experts

Lieuwe Jan Koning

Co-Founder and CTO ON2IT Group

Luca Cipriano

Threat Intel Specialist ON2IT

Rob Maas Field CTO

Rob Maas


Remote work Infographic

Reflection Attack: The most simple DOS attack

Distributed Denial of Service Attacks

Imagine the potency of a DOS attack powered by the reflection of network requests. We discuss how attackers exploit ordinary protocol functionalities to launch devastating assaults on unsuspecting victims. With no software vulnerabilities to patch, these attacks leverage the inherent design of protocols like DNS and NTP to magnify their impact.

From the theoretical ‘how-tos’ to the intricacies of mitigation, we dissect the anatomy of reflection attacks, examining the roles of attacker, server, and victim in a digital skirmish. Why is UDP the protocol of choice for such attacks? What can organizations do when facing the torrent of unwarranted network responses?

Join us into the tactical battleground of cybersecurity, where understanding the enemy’s moves is half the battle won.

Download the infographic for the complete overview

Episode details:

Lieuwe Jan Koning, Rob Maas and Luca Cipriano

In the latest episode of Threat Talks, Lieuwe Jan Koning, Rob Maas and Luca Cipriano zero in on DNS amplification and reflection attacks. From the Security Operation Center floor of ON2IT, they unpack how attackers use these techniques to launch potent DoS attacks, sidestepping traditional defenses with chilling efficiency.

The episode starts with the reflection attack, where an attacker deceives a DNS server into sending responses to an unintended victim by spoofing the source IP address. This concept is scaled up to illustrate how a network can be quickly overwhelmed by a barrage of unsolicited responses.

The conversation then pivots to amplification attacks, a method where small queries trigger disproportionately large responses. This tactic illustrates the cunning use of a network’s own design against itself, amplifying the attack’s force while conserving the attacker’s resources.

Defense strategies are also discussed, highlighting the complexities of protecting against attacks that exploit fundamental internet protocols. The team touches on countermeasures like blocklists and questions the viability of DNS servers’ public accessibility.

Subscribe to our Spotify channel and stay up to date with every cybersecurity treat.