What are DrDoS attacks

What a DrDoS attack looks like

DrDoS stands for Distributed Reflection Denial of Service. Unlike a plain DDoS attack, it does not only launch a large volume of requests to cause a denial of service; that traffic is also amplified.

Basically, the attack is able to multiply the number of requests that hit the final target. For this to happen, a large number of devices must take part in the attack.

These requests are redirected, or reflected (hence the name), from the intermediate hosts to the destination. This is what amplifies the attack traffic.

An important feature of this type of attack is that the IP address of the devices that are part of the attack does not reach the destination. Instead, that IP address is replaced by the address of the system being attacked. This is known as identity spoofing, and it falsifies the source of the request.

This type of attack uses devices that are outdated or have an unpatched vulnerability. For example, attackers can use a security camera that we have connected to the Internet, a television, a network switch… That is why it is essential to keep all devices properly protected and updated.

Great multiplication capacity

The highlight of a DrDoS attack is its great capacity to multiply itself. It can be amplified up to thousands of times, depending on the protocol on which it is based. It is a variety of DDoS attack that targets a victim's device and makes that device, in turn, send a large number of requests.

This produces a response larger than the request that was sent. It increases the bandwidth of the attack and thus achieves the ultimate goal of denial of service and disruption.

There are several network protocols that are used to carry out this type of attack. We can name the following:

  • DNS: the Domain Name System, which is responsible for translating domain names into IP addresses. It is what lets us simply type RedesZone in the browser and reach the page without having to know the corresponding IP address.
  • NTP: the Network Time Protocol. It is used to synchronize servers on the Internet.
  • SNMP: another protocol that attackers can abuse. It is used to manage Internet devices such as printers, switches or routers.
  • SSDP: the Simple Service Discovery Protocol, used by UPnP devices. These are both home and office devices, such as televisions, surveillance cameras, printers…
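
An added example, not part of the original article: a Python check a network owner could run over flow logs to spot one of their own devices answering outside hosts on the protocols listed above with far more data than it receives, which is the amplification this section describes. The LAN range, the thresholds and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP services from the list above that are abused for reflection.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: our LAN

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.7", 40000, "192.168.1.50", 1900, "udp", 120),   # query to a camera
    ("192.168.1.50", 1900, "203.0.113.7", 40000, "udp", 3600),  # much larger reply
    ("203.0.113.7", 40001, "192.168.1.50", 1900, "udp", 120),
    ("192.168.1.50", 1900, "203.0.113.7", 40001, "udp", 3600),
    ("192.168.1.20", 51000, "198.51.100.53", 53, "udp", 60),    # normal DNS lookup
    ("198.51.100.53", 53, "192.168.1.20", 51000, "udp", 500),   # by a local client
    ("198.51.100.9", 50000, "192.168.1.1", 123, "udp", 48),     # NTP, same-size reply
    ("192.168.1.1", 123, "198.51.100.9", 50000, "udp", 48),
]

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def find_reflectors(flows, min_ratio=2.0, min_bytes_out=1000):
    """Return {(local_ip, service): ratio} for local devices that answer
    outside hosts on a reflection-prone UDP port with far more bytes
    than they received on that port."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        # Request arriving from outside at a local service.
        if dport in REFLECTION_PORTS and is_local(dst) and not is_local(src):
            bytes_in[(dst, dport)] += size
        # Reply leaving a local service towards the outside.
        elif sport in REFLECTION_PORTS and is_local(src) and not is_local(dst):
            bytes_out[(src, sport)] += size
    findings = {}
    for (ip, port), sent in bytes_out.items():
        received = bytes_in.get((ip, port), 0)
        if sent < min_bytes_out or received == 0:
            continue  # too little traffic to judge
        ratio = sent / received
        if ratio >= min_ratio:
            findings[(ip, REFLECTION_PORTS[port])] = round(ratio, 1)
    return findings

if __name__ == "__main__":
    print(find_reflectors(SAMPLE_FLOWS))
```

A device that shows up here is a candidate for the measures in the next section: update it, take it off the Internet, or block that port at the firewall.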

How to avoid being a victim of these attacks

We have seen that practically any device connected to the network can be attacked: surveillance cameras, televisions, routers… any device of what is known as the Internet of Things. Therefore, here are some important tips to keep devices protected and avoid problems of this type as far as possible.

Upgrade any equipment

The most important thing to prevent our devices from being part of an attack of this type, as well as many others, is to keep everything updated. It does not matter if it is a computer, a mobile phone, a router or an IoT device that we hardly use. The truth is that any device with Internet access can become vulnerable.

This makes it imperative to install all available security patches. By installing the latest versions we get not only better performance from the equipment, but also a significant improvement in security that helps prevent many types of attack.

Disconnect unnecessary devices from the network

Is there a device connected to the network that we don't really use? In that case the advice is to disconnect it. We are not necessarily talking about turning it off and no longer using it, but about disconnecting it from the Internet and only connecting it when we really need it.

Sometimes we have old devices at home that have not received updates for years and that we do not actually use. This can be a problem, since a cybercriminal could exploit them to launch a DrDoS attack or any other attack.

Set up a firewall

Another measure to consider is configuring a firewall on our network. This allows us to block malicious connections and filter traffic. It is one more security measure that we can apply to our networks, both at home and in business.

Firewalls are an important complement to security programs such as antivirus software (Windows Defender, Bitdefender, Avast…). It is something worth taking into account.

Avoid errors in security settings

In many cases, these attacks are not based on an existing vulnerability, but instead take advantage of errors in the security settings made by the person in charge of that device. Attackers may use strategies to look for such flaws so that they can exploit them.

Therefore, we always recommend spending time on the devices connected to the network and configuring their security correctly. We must never change values if we do not really know what we are doing, as it could affect us negatively.

Ultimately, a DrDoS attack uses an intermediate device to reflect an attack. Basically, a botnet attacks another device, and that device in turn reflects the requests so that, among all the infected computers, they hit the victim and achieve the denial of service.
