On Sun 2018-Sep-02 10:09:32 +0700, Roland Dobbins <rdobbins@arbor.net> wrote:
On 1 Sep 2018, at 1:43, Hugo Slabbert wrote:
Generally on the TCP side you can try SYN or ACK floods, but you're not going to get an amplified reflection.
Actually, TCP reflection/amplification has been on the increase; the attacker is guaranteed at least 4:1 amplification in most circumstances, the number of reflectors/amplifiers is for all practical purposes infinite, and they're mostly legitimate, non-broken services/applications.
Fair. I guess in terms of common reflect/amp vector at $dayjob we just see UDP-based significantly more frequently on large volumetric attacks given the amp factor on some vectors is so huge. Some relevant reading I need to revisit: https://www.usenix.org/sites/default/files/conference/protected-files/woot14... https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf
And as always, it's important to note that with all reflection/amplification attacks, the root of the issue is the lack of universal source-address validation (SAV). Without the ability to spoof, there would be no reflection/amplification attacks.
ACK, pun intended.
----------------------------------- Roland Dobbins <rdobbins@arbor.net>
-- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal