Attacks & Threats
DDoS Amplification
Also known as: Reflection DDoS, Amplification attack
Definition
A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, allowing small attackers to generate massive flood volumes.
Examples
- An attacker spoofs the victim's IP and sends DNS ANY queries to thousands of open resolvers, which flood the target with large responses.
- Memcached servers exposed to the Internet are abused to deliver attacks with amplification ratios above 50,000×.
Related terms
Distributed Denial-of-Service (DDoS) Attack
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
DNS Amplification Attack
A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
NTP Amplification Attack
A reflection DDoS attack abusing the NTP MONLIST (and similar) commands to make NTP servers reply with very large packets to a spoofed victim address.
Smurf Attack
A legacy amplification DDoS that sends ICMP echo requests to a network's broadcast address with the victim's IP spoofed as the source, causing every host on that network to reply to the victim.
Fraggle Attack
A UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim.
IP Spoofing
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.