Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

NETSCOUT SYSTEMS, INC.

(NTCT)
  Report
Delayed Quote. Delayed Nasdaq - 05/07 04:00:00 pm
26.79 USD   +2.14%
05/07NETSCOUTá : India Under Attack
PU
05/06NETSCOUTá : View this Presentation (opens in new window)
PU
05/06NETSCOUTá : Fiscal Q4 Earnings, Revenue Drop; Issues FY22 Guidance
MT
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

NetScout : What Is a Reflection/Amplification DDoS Attack?

05/04/2021 | 09:37am EDT
NETSCOUT
May 4th, 2021

RSS Feed

The COVID-19 pandemic has caused many organizations to accelerate digital transformation efforts in response to an exploding need for remote connectivity. But this trend also has opened the door to a greater threat from hackers and cybercriminals. In particular, distributed denial-of-service (DDoS) attacks have risen dramatically. The latest NETSCOUT Threat Intelligence Report revealed record-breaking DDoS activity in 2020, as attackers launched more than 10 million DDoS worldwide.

DDoS attackers have targeted a multitude of industries with the goal of taking critical systems offline to cause maximum disruption. These threats have put security professionals on notice, forcing them to reexamine strategies for keeping networks secure and systems protected.

Reflection/Amplification 101

One of the more popular DDoS attack types being employed today is the reflection/amplification attack, which enables attackers to generate higher-volume attacks by combining two methods:

  • In reflection attacks, adversaries spoof a target's IP address and send a request for information, primarily using the User Datagram Protocol (UDP), or in some cases the Transmission Control Protocol (TCP). The server then responds to the request, sending an answer to the target's IP address. This 'reflection'-using the same protocol in both directions-is why this is called a reflection attack. Any server operating UDP- or TCP-based services can be targeted as a reflector.
  • Amplification attacks generate a high volume of packets that are used to overwhelm the target website without alerting the intermediary. This occurs when a vulnerable service responds with a large reply when the attacker sends his request, often called the trigger packet. Using readily available tools, the attacker can send many thousands of these requests to vulnerable services, thereby causing responses that are considerably larger than the original request and significantly amplifying the size and bandwidth issued to the target. The amplification can include multiple response packets to a single packet, or larger packet sizes than the original. Either method results in amplification.
  • A reflection/amplification attack combines the two, enabling attackers to both magnify the amount of malicious traffic they can generate and obscure the sources of the attack traffic. The most prevalent forms of these attacks rely on millions of exposed DNS, NTP, SNMP, SSDP, and other UDP/TCP-based services.

Like all DDoS attacks, reflection/amplification attacks are designed to overwhelm the targeted systems, causing disruption or out-and-out shutdown of services.

What makes this type of attack so dangerous is that the servers/devices used for these types of attacks can be ordinary servers or consumer devices with no clear sign of having been compromised, making it difficult to prevent them. Also, launching a reflection/amplification attack doesn't require sophisticated tools, which means attackers can create enormous volumetric attacks by using a modest source of bots or a single robust server.

The Best Defense Is a Good Defense

The primary defense against reflection/amplification attacks is to block the spoofed source packets. Because attacks come from legitimate sources using trusted services such as DNS and NTP, it becomes difficult tell the difference between genuine user workloads and reflected traffic generated by attackers. Adding to the challenge, when a service comes under attack, legitimate user traffic may be forced to retry responses due to the slowdown in service, possibly causing these retries to be falsely identified as DDoS attacks in their own right.

Organizations can take the following steps to mitigate reflection/amplification attacks:

  • Rate limiting: This approach restricts sources based on a deviation from a previously established access policy and can be applied to destinations or to sources. Destination rate limiting may inadvertently impact legitimate traffic, making this a less desirable approach. Rate limiting the source is considered more effective.
  • Port blocking: By blocking ports that aren't needed, organizations can reduce vulnerability to attacks. It's important to note that this doesn't prevent attacks on ports that are used by both legitimate and attacker traffic.
  • Traffic signature filters: These filters can be used to identify repetitive structures that are indicative of an attack. The downside of filtering is potential impact on performance. Inspecting every packet may ultimately overwhelm defenses.
  • Threat intelligence services: By using threat intelligence services, security professionals can identify vulnerable servers, allowing organizations to proactively block the IP addresses and cut off potential attacks.

Learn more about DDoS attacks

Read the latest DDoS attack research

Disclaimer

NetScout Systems Inc. published this content on 04 May 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 04 May 2021 13:36:07 UTC.


ę Publicnow 2021
All news about NETSCOUT SYSTEMS, INC.
05/07NETSCOUTá : India Under Attack
PU
05/06NETSCOUTá : View this Presentation (opens in new window)
PU
05/06NETSCOUTá : Fiscal Q4 Earnings, Revenue Drop; Issues FY22 Guidance
MT
05/06NETSCOUTá : Earnings Release (opens in new window)
PU
05/06NETSCOUT : Fiscal Q4 Earnings Snapshot
AQ
05/06GUIDANCE : (NTCT) NETSCOUT SYSTEMS Forecasts Fiscal Year 2022 EPS Range $1.71 - ..
MT
05/06NETSCOUT SYSTEMS INCá : Results of Operations and Financial Condition, Financial..
AQ
05/06NETSCOUTá : Reports Fourth Quarter and Full Fiscal Year 2021 Financial Results
BU
05/06NETSCOUTá : Earnings Flash (NTCT) NETSCOUT SYSTEMS Posts Q4 Revenue $213.4M, vs...
MT
05/06NETSCOUTá : Earnings Flash (NTCT) NETSCOUT SYSTEMS Posts Q4 EPS $0.49, vs. Stree..
MT
More news
Financials (USD)
Sales 2021 832 M - -
Net income 2021 20,9 M - -
Net cash 2021 120 M - -
P/E ratio 2021 268x
Yield 2021 -
Capitalization 1 926 M 1 926 M -
EV / Sales 2021 2,17x
Capi. / Sales 2022 2,27x
Nbr of Employees 2 502
Free-Float 56,8%
Chart NETSCOUT SYSTEMS, INC.
Duration : Period :
NetScout Systems, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends NETSCOUT SYSTEMS, INC.
Short TermMid-TermLong Term
TrendsBearishNeutralBullish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus HOLD
Number of Analysts 3
Average target price 28,67 $
Last Close Price 26,79 $
Spread / Highest target 8,25%
Spread / Average Target 7,01%
Spread / Lowest Target 4,52%
EPS Revisions
Managers and Directors
NameTitle
Anil K. Singhal Chairman, President & Chief Executive Officer
Jean Ann Bua CFO, Treasurer, Chief Accounting Officer & EVP
Bruce Allen Kelley Chief Technology Officer & Senior Vice President
Ashwani Singhal Senior Vice President-Research & Development
Thor Wallace Chief Information Officer & Senior Vice President
Sector and Competitors
1st jan.Capitalization (M$)
NETSCOUT SYSTEMS, INC.-2.30%1 926
ACCENTURE PLC11.61%185 310
TATA CONSULTANCY SERVICES9.44%158 195
INTERNATIONAL BUSINESS MACHINES CORPORATION15.55%129 972
AUTOMATIC DATA PROCESSING, INC.10.61%82 929
INFOSYS LIMITED7.70%78 382