Network Security Threats, Vulnerabilities and Countermeasures

This topic is to discuss the following lesson:

Hi,
How can I protect against an amplification attack?
Thanks

Hello Sims

An amplification attack is a type of Denial of Service (DoS) attack that uses certain characteristics of particular services to amplify or magnify the amount of traffic that is directed towards a victim, resulting in it being overwhelmed and not able to respond. Amplification takes advantage of “reflectors”, which are systems that legitimately respond to an attack, but in doing so, inadvertently add to the volume of DoS traffic. Such attacks typically take advantage of vulnerabilities found in certain firmware or network OSes, or in protocols and services such as DNS, NTP, SNMP and NetBIOS.

How do we defend against such attacks? Well, there are several steps to take:

  1. Ensure that your network OS firmware is updated, the IOS in the case of Cisco devices, so that no vulnerabilities from older versions can be exploited.
  2. Use services like Cloudflare that can help protect against such attacks.
  3. Use techniques for DoS attacks in general which are detailed in the link below:

Wikipedia makes the following statement about amplification attacks from their page on Denial of Service Attacks:

It is very difficult to defend against these types of attacks because the response data is coming from legitimate servers. These attack requests are also sent through UDP, which does not require a connection to the server. This means that the source IP is not verified when a request is received by the server. To bring awareness of these vulnerabilities, campaigns have been started that are dedicated to finding amplification vectors which have led to people fixing their resolvers or having the resolvers shut down completely.

So there is no single answer to this question. It’s a combination of ensuring up-to-date firmware, as well as employing industry-standard techniques to secure your network and resources.

I hope this has been helpful!

Laz
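
The reply above notes that reflected traffic comes from legitimate servers over UDP, so the victim receives answers it never asked for. As an added example (not part of the original post), this Python sketch flags internal hosts that receive unsolicited replies from the reflector services named above; the flow-record layout, the internal prefix, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# UDP services the post names as common reflectors, by well-known port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 137: "NetBIOS"}
INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed protected prefix

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def find_reflection_targets(flows, min_bytes=10_000, min_reflectors=3):
    """Return internal hosts receiving unsolicited replies from reflector ports.

    flows: time-ordered UDP records (src, sport, dst, dport, bytes) seen at
    the network edge. Thresholds are illustrative assumptions.
    """
    requested = set()  # (client, server, port) queries our hosts really sent
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for src, sport, dst, dport, nbytes in flows:
        if is_internal(src) and dport in REFLECTOR_PORTS:
            requested.add((src, dst, dport))
        elif is_internal(dst) and sport in REFLECTOR_PORTS:
            if (dst, src, sport) in requested:
                continue  # solicited reply to a query we sent
            s = stats[dst]
            s["bytes"] += nbytes
            s["reflectors"].add(src)
            s["services"].add(REFLECTOR_PORTS[sport])
    return {
        ip: {"bytes": s["bytes"], "reflectors": len(s["reflectors"]),
             "services": sorted(s["services"])}
        for ip, s in stats.items()
        if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors
    }

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    ("192.0.2.10", 40000, "198.51.100.53", 53, 70),     # real DNS query
    ("198.51.100.53", 53, "192.0.2.10", 40000, 300),    # its solicited reply
    ("203.0.113.1", 123, "192.0.2.20", 51000, 4400),    # unsolicited NTP
    ("203.0.113.2", 123, "192.0.2.20", 51000, 4400),
    ("203.0.113.3", 53, "192.0.2.20", 51000, 3000),     # unsolicited DNS
    ("203.0.113.4", 161, "192.0.2.20", 51000, 1500),    # unsolicited SNMP
    ("203.0.113.9", 53, "192.0.2.10", 40001, 500),      # stray, below threshold
]

if __name__ == "__main__":
    print(find_reflection_targets(SAMPLE_FLOWS))
```

Tracking which queries internal hosts actually sent is what separates a normal DNS or NTP reply from a reflected one, since the source addresses of the reflected packets belong to legitimate servers.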