DrDoS attack definition
A DrDoS (Distributed Reflection Denial of Service) attack is a more advanced form of a DDoS attack, where the hacker uses reflection techniques to amplify the attack traffic even further, overwhelming the targeted server or network. This form of cyberattack aims to make a network resource unavailable to its intended users by flooding it with more traffic than the server or network can accommodate.
During a DrDoS attack, the hacker spoofs the IP address of the target and sends a request to a third-party server. This server, unable to differentiate between a spoofed request and a legitimate one, sends its response to the target's IP address. As these responses are often larger than the original request, this leads to a significant increase in traffic, potentially overwhelming the target's resources. One of the most well-known examples of a DrDoS attack was the 2018 attack on GitHub, where the site was temporarily brought down due to an influx of traffic that peaked at 1.35 terabits per second.
Preventing DrDoS attacks
- Rate limiting. Set up controls on the traffic rate which can be processed by a server.
- Blacklisting. Block suspicious IPs and prevent them from making requests.
- Redundancy. If possible, have multiple servers available to help manage traffic and ensure uptime during an attack.
- Upstream filtering. Internet service providers can help filter out traffic from known malicious sources.