In 2012, there was a significant increase in the use of a specific distributed denial of service (DDoS) methodology known as Distributed Reflection Denial of Service attacks (DrDoS). DrDoS attacks have been a persistent and effective type of DDoS attack for more than 10 years. The technique shows no signs of obsolescence; it continues to grow in effectiveness and popularity.
Prolexic has observed many DrDoS attacks across a range of industries. The Prolexic Security Engineering and Response Team (PLXsert) is producing a series of white papers that analyze Reflection and Amplification DDoS Attacks. The four types of DrDoS attacks are:
The white paper series details real-world case studies of DrDoS attacks observed by PLXsert through the Prolexic global DDoS mitigation network. Their purpose is to:
DrDoS techniques usually involve intermediary victim machines that unwittingly participate in a DDoS attack against the attacker’s target. Requests to the intermediary victims are redirected, or reflected, from the secondary victims to the primary target.
Anonymity is one advantage of the DrDoS attack method. In a DrDoS attack, the primary target appears to be directly attacked by the victim servers, not the actual attacker. This approach is called spoofing.
Amplification is another advantage of the DrDoS attack method. By involving multiple victim servers, the attacker’s initial request yields a response that is larger than what was sent, thus increasing the attack bandwidth.