Amplification and Reflection Traffic: 17 Percent
Reflection attacks use one or more third-party DNS servers, usually open resolvers on the internet, to propagate a distributed denial of service (DDoS) attack on a victim’s server.

Attackers spoof the DNS queries they send to open resolvers by including the victim’s IP address as the source IP.

The resolvers send all responses to the victim’s server, thereby overwhelming it and potentially creating a denial of service.
In an amplification attack, the queries are specially crafted to result in a very large response.

Cyber-criminals typically use a combination of amplification and reflection to maximize impact on the victim’s server.

Leave a Reply