To our knowledge, there are no other UDP applications
sufficiently widespread to serve as a major potential pool
of reflectors. If there were, however, and they did not
reside on a well-known port (such as UDP port 19 for chargen
[RP94]),
then they could be used to attack UDP-based victim servers
such as DNS servers by forging the victim's source address
and well-known port. While the reflection generated by the
application would be a junk request as far as the victim
server was concerned, unless the request had a set of
characteristics that permitted filtering it out, the victim
would have to spend resources determining that the request
was indeed invalid, and the attack would be effective.
Summary: while UDP applications could be a threat in principle,
no immediate threat is apparent.
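As an added illustration (not part of the paper), the following pre-filter for a UDP DNS server shows the two cheap checks the passage alludes to: dropping traffic whose source port is a well-known reflector service (chargen, UDP 19 [RP94]) and rejecting packets that structurally cannot be DNS queries, while showing that a reflected request from an unknown port with a plausible shape still reaches the full parser. The packet records are constructed here; the port set and function names are this example's own.

```python
import struct

# Source ports of well-known UDP services whose replies could arrive as
# reflected junk. Only chargen (19) is named by the paper; this set is an
# assumption a deployer would extend from their own observations.
KNOWN_REFLECTOR_SRC_PORTS = {19}
DNS_PORT = 53


def looks_like_dns_query(payload: bytes) -> bool:
    """Structural sanity check on the 12-byte DNS header without a full parse."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount, ancount, nscount, _arcount = struct.unpack("!6H", payload[:12])
    qr = flags >> 15               # 0 = query, 1 = response
    opcode = (flags >> 11) & 0xF   # 0 QUERY, 1 IQUERY, 2 STATUS
    if qr != 0 or opcode > 2:      # a reply, or an opcode no client sends
        return False
    # A client query carries exactly one question and no answer/authority records.
    return qdcount == 1 and ancount == 0 and nscount == 0


def classify(src_port: int, dst_port: int, payload: bytes) -> str:
    """Decide whether an inbound UDP datagram deserves the server's attention."""
    if dst_port != DNS_PORT:
        return "ignore"
    if src_port in KNOWN_REFLECTOR_SRC_PORTS:
        return "drop:reflector-port"   # filterable by well-known source port
    if not looks_like_dns_query(payload):
        return "drop:malformed"        # filterable by shape, no parsing spent
    return "accept"                    # only now does the victim spend parser resources


# Constructed sample datagrams arriving at the DNS server.
CHARGEN_REPLY = b"!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefgh\r\n"
UNKNOWN_SERVICE_JUNK = b"HELLO\r\n"
VALID_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"

if __name__ == "__main__":
    for src, pkt in ((19, CHARGEN_REPLY), (40000, UNKNOWN_SERVICE_JUNK), (40000, VALID_QUERY)):
        print(src, classify(src, DNS_PORT, pkt))
```

The last case is the one the passage warns about: a reflection from a service on an arbitrary port whose reply happens to pass the cheap checks cannot be filtered this way and costs the victim a full parse.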
Vern Paxson
2001-06-26