DrDoS attack: how it works and what it affects

When browsing the Internet, we come across a large number of threats and malicious strategies that can compromise data and devices. Among them, DDoS (distributed denial of service) attacks are very common. Such an attack is capable of leaving a web page without service, for example. In this article we are going to explain what a DrDoS attack consists of and why it is dangerous.

What a DrDoS attack looks like

DrDoS comes from DDoS Reflection. We can translate it as a distributed reflection denial of service attack. In this case, unlike a plain DDoS attack, not only is a large volume of requests launched to achieve denial of service, but that volume is also amplified.

Basically, the denial of service attack is capable of multiplying the number of requests that hit the final target. For this to happen, a large number of devices must participate in the attack.

The requests are sent to intermediate hosts, and from those hosts they are redirected or mirrored (hence the name) to the destination. This is what causes the amplification of the attack traffic.

An important point about this type of attack is that the IP address of the devices that launch it does not reach the destination. In other words, that IP address is replaced by the address of the system that is being attacked. This is known as spoofing: the source of the request is forged.

This type of attack uses devices that are outdated or have some unpatched vulnerability. For example, it can use a security camera that we have connected to the Internet, a television, a network switch… That is why it is always essential to keep all devices properly protected and updated.

Great multiplication capacity

Without a doubt, the highlight of a DrDoS attack is its great capacity for multiplication. It can be amplified up to thousands of times, depending on the protocol on which it is based. It is a variety of DDoS attack that attacks a victim's computer so that this device, in turn, sends a large number of requests.

This produces a response that is larger than the request that was sent. It increases the bandwidth of the attack and thus achieves the ultimate goal: denial of service and disruption.

There are several network protocols that are used to carry out this type of attack. We can name the following:

  • DNS: the domain name system, which is responsible for translating domain names into IP addresses. Thanks to it, we can simply type the name of a site in the browser and reach the page without having to know the corresponding IP address.
  • NTP: the Network Time Protocol. It is used to synchronize the clocks of servers on the Internet.
  • SNMP: another protocol that can be used in these attacks. It is used to manage network devices such as printers, switches or routers.
  • SSDP: the Simple Service Discovery Protocol. It is used by UPnP devices, both domestic and office devices, such as televisions, surveillance cameras, printers…
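Seen from the defender's side, the amplification described above shows up as a device on our own network answering one of these four protocols with far more data than it was asked for, all of it going to the (spoofed) address that is being flooded. The following Python sketch is an added example, not part of the original article: the flow-record layout, the local network range, the thresholds and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP ports of the four protocols named in the list above.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}

# Constructed sample flow records (not real traffic), all UDP:
# (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # Small requests claiming to come from 203.0.113.9 reach a local camera's SSDP port...
    ("203.0.113.9", 40000, "192.168.1.50", 1900, 1200),
    # ...and the camera sends back far more data than it received.
    ("192.168.1.50", 1900, "203.0.113.9", 40000, 36000),
    # Ordinary NTP exchange with the local router: reply is the size of the request.
    ("198.51.100.7", 51000, "192.168.1.1", 123, 480),
    ("192.168.1.1", 123, "198.51.100.7", 51000, 480),
    # A local PC querying an outside DNS server: the PC is a client, not a reflector.
    ("192.168.1.20", 53000, "198.51.100.53", 53, 300),
    ("198.51.100.53", 53, "192.168.1.20", 53000, 2400),
]

def find_reflectors(flows, local_net="192.168.1.0/24", min_ratio=10.0, min_out_bytes=10_000):
    """Flag local devices whose replies on a reflection-prone UDP port dwarf the requests."""
    net = ipaddress.ip_network(local_net)
    is_local = lambda ip: ipaddress.ip_address(ip) in net
    bytes_in, bytes_out = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if is_local(dst) and dport in REFLECTION_PORTS:
            bytes_in[(dst, dport, src)] += size      # request to a local service
        elif is_local(src) and sport in REFLECTION_PORTS:
            bytes_out[(src, sport, dst)] += size     # reply from a local service
    findings = []
    for (device, port, target), sent in sorted(bytes_out.items()):
        # Replies with no matching request still count: divide by at least 1 byte.
        ratio = sent / max(bytes_in.get((device, port, target), 0), 1)
        if sent >= min_out_bytes and ratio >= min_ratio:
            findings.append({"device": device, "protocol": REFLECTION_PORTS[port],
                             "flooded_address": target, "amplification": round(ratio, 1)})
    return findings

if __name__ == "__main__":
    for finding in find_reflectors(SAMPLE_FLOWS):
        print(finding)
```

A device that appears in the output is a candidate for the measures in the next section: update it, disconnect it, or block that port at the firewall.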

How to avoid being a victim of these attacks

We have seen that practically any device connected to the network can be attacked: surveillance cameras, televisions, routers… any device of what is known as the Internet of Things. Therefore, we are going to give some important tips to keep devices protected and avoid problems of this type as much as possible.

Upgrade any equipment

The most important thing to prevent our devices from being part of an attack of this type, as well as many others, is to keep everything up to date. It does not matter if it is a computer, a mobile phone, a router or an IoT device that we hardly ever use. The truth is that any device with Internet access can become vulnerable.

This makes it imperative to install all available security patches. If we install the latest versions we will achieve not only better performance from the equipment, but also a significant improvement in security that helps prevent attacks of many types.

Disconnect unnecessary devices from the network

Is there a device connected to the network that we don't really use? In that case the advice is to disconnect it. We are not necessarily talking about turning it off and no longer using it, but about disconnecting it from the Internet and only connecting it when we really need it.

Sometimes we have old devices at home that have not received updates for years and that we do not actually use. This can be a problem, since such a device could be exploited by a cybercriminal to launch a DrDoS attack or any other attack.

Set up a firewall

Another measure to take into account is to configure a firewall on our network. This allows us to block malicious connections and filter traffic. It is one more security measure that we can apply to our networks, both at a domestic and a business level.

Firewalls are an important complement to security programs such as an antivirus (Windows Defender, Bitdefender, Avast…). It is something that we can take into account.

Avoid errors in security settings

In many cases, these attacks are not based on an existing vulnerability, but rather take advantage of errors in the security configuration made by the person in charge of that device. This may mean that attackers look for certain configuration flaws in order to exploit them.

Therefore, we always recommend spending time on the devices connected to the network and configuring their security correctly. We should never change values if we do not really know what we are doing, as it could affect us negatively.

Ultimately, a DrDoS attack uses an intermediate device to reflect an attack. Basically, a botnet attacks another device, which in turn reflects the requests so that, across all the infected computers, the victim is attacked and the denial of service is achieved.