Attacks & Threats
NTP Amplification Attack
Definition
A reflection DDoS attack that abuses the NTP MONLIST command (and similar commands) to make NTP servers send very large replies to a spoofed victim address.
Examples
- An attacker sends a small MONLIST query with the victim's IP spoofed; the server replies with kilobytes of monitoring data sent to the victim.
- Hundreds of public NTP servers are used in parallel to direct hundreds of gigabits of reflected traffic at a target.
Related terms
DDoS Amplification
A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, letting attackers with limited resources generate massive flood volumes.
Distributed Denial-of-Service (DDoS) Attack
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
DNS Amplification Attack
A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
IP Spoofing
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
Smurf Attack
A legacy amplification DDoS that sends ICMP echo requests to a network's broadcast address with the victim's IP spoofed as the source, causing every host on that network to reply to the victim.
Fraggle Attack
A UDP variant of the Smurf attack that sends spoofed UDP echo or chargen packets to a network's broadcast address, causing every responding host to flood the victim.