Distributed Reflection Denial of Service – DRDoS

A special category is the so called DDoS Distributed Reflection Denial of Service (DRDoS). In this type of attack, the attacker produces computer connection requests to servers with very fast network connections, using as a source address not their own, but that of the target of the attack. In this way the server will respond positively to requests for connection to the attacker but not the target of the attack. Through the multiplier effect given by the retransmissions of the servers contacted, that with the lack of response from the target of the attack (apparently the initiator of the connection) will ensure a relay (usually up to 3 times) the picture package lost, entering So in a vicious cycle that sees quickly exhaust the resources of the target.

The latter type of attack is particularly insidious because, due to the nature of the responses, it is difficult to shield the common users, for if you filter the responses of the server itself would be compromised functionality of the network connection by preventing, in fact, receiving also information. The responses of the server, requested by the attacker, are in fact indistinguishable from those generated by a legitimate request of the victim. The problem is presenting with a higher incidence since Microsoft decided to make the “Raw Sockets” interface for access to TCP / IP, easily available. The Raw sockets allow precisely the change of the source address of the packet and replace it with that of the victim, and that is instrumental for this type of attack.

Types of attack

Technically, a cut of power to a server, for a malicious purpose, may be considered a Denial of Service. In fact, the denial of service is made by saturating one of the targeted server.

Denial by saturation

The desired result of a Denial of service is off-line computer tool, usually a server. Computer equipment has a processing power of limited information and is configured to handle a number of requests during a predetermined period of time. If the number of requests exceeds the limit laid down for an extended period, one of them saturates and refusing new requests. Users seeing their application refused can not access the server services.

A DoS attack aims to saturate the server applications so that it can no longer respond to requests from library users.

Attack By Distributed Denial Of Service (DDoS attack)

The attack by distributed denial of service is a variant of the attack denial of service. It is based on the accumulation of denial of service, conducted simultaneously by several computers in parallel. This approach reduces the time required to attack by amplifying its effects.

In this type of attack, hackers often hidden behind machine rebounds (or zombie machines), used without the knowledge of their owners. A set of machine rebounds, also known as botnet, is controlled by an attacker after infection by each program type backdoor.

Continued…