Source - CISA
Posting this because I mugged up a few full forms without understanding them. Disclaimer - The stunt of memorizing concepts without understanding them and then appearing for interviews is performed by professionals; please do not try this anywhere!!
A distributed reflective denial-of-service (DRDoS) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim’s system with UDP traffic.
By design, UDP is a connection-less protocol that does not validate source IP addresses. Unless the application-layer protocol uses countermeasures such as session initiation in VoIP, an attacker can easily forge the IP packet datagram (a basic transfer unit associated with a packet-switched network) to include an arbitrary source IP address. When many UDP packets have their source IP address forged to the victim IP address, the destination server (or amplifier) responds to the victim (instead of the attacker), creating a reflected DoS attack.
Certain commands to UDP protocols elicit responses that are much larger than the initial request. Previously, attackers were limited by the linear number of packets directly sent to the target to conduct a DoS attack; now a single packet can generate between 10 and 100 times the original bandwidth. This is called an amplification attack, and when combined with a reflective DoS attack on a large scale, using multiple amplifiers and targeting a single victim, DDoS attacks can be conducted with relative ease.
The potential effect of an amplification attack can be measured by BAF, which can be calculated as the number of UDP payload bytes that an amplifier sends to answer a request, compared to the number of UDP payload bytes of the request.
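The BAF definition above can be applied to a UDP server's own traffic to spot when it is being used as an amplifier. The following is an added example, not part of the CISA text: the flow-record layout, the sample records, and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records as seen on one UDP server (not real traffic):
# (direction, peer_ip, udp_payload_bytes)
# "in"  = request received claiming to come from peer_ip
# "out" = response the server sent to peer_ip
SAMPLE_FLOWS = (
    [("in", "198.51.100.7", 60), ("out", "198.51.100.7", 120)] * 5       # ordinary client
    + [("in", "203.0.113.9", 64), ("out", "203.0.113.9", 3200)] * 200    # source IP likely forged
)


def baf_per_peer(flows):
    """Return {peer_ip: (request_bytes, response_bytes, baf)}.

    BAF = UDP payload bytes sent in responses / UDP payload bytes of requests.
    """
    req = defaultdict(int)
    resp = defaultdict(int)
    for direction, peer, size in flows:
        if direction == "in":
            req[peer] += size
        elif direction == "out":
            resp[peer] += size
        else:
            raise ValueError(f"unknown direction: {direction!r}")
    stats = {}
    for peer in set(req) | set(resp):
        # Responses with no logged request give an undefined ratio; report it as infinity.
        baf = resp[peer] / req[peer] if req[peer] else float("inf")
        stats[peer] = (req[peer], resp[peer], baf)
    return stats


def suspected_reflection_targets(flows, min_baf=10.0, min_response_bytes=100_000):
    """List peers receiving a large, heavily amplified response volume.

    Because UDP does not validate source addresses, such a peer is probably the
    victim of reflection rather than the real sender. Thresholds are assumptions.
    """
    stats = baf_per_peer(flows)
    return sorted(
        peer
        for peer, (_, resp_bytes, baf) in stats.items()
        if baf >= min_baf and resp_bytes >= min_response_bytes
    )


if __name__ == "__main__":
    for peer, (rq, rs, baf) in sorted(baf_per_peer(SAMPLE_FLOWS).items()):
        print(f"{peer}: request={rq}B response={rs}B BAF={baf:.1f}")
    print("suspected reflection targets:", suspected_reflection_targets(SAMPLE_FLOWS))
```

A peer flagged here is a candidate for response rate limiting on the server, and the service itself is a candidate for being restricted to known clients.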
Please find the URL below for more details (you can find the BAF of various protocols there):
https://www.cisa.gov/news-events/alerts/2014/01/17/udp-based-amplification-attacks
Happy Learning !!