Security

RAD: Reflector Attack Defense Using Message Authentication Codes

Free registration required

Executive Summary

Reflector attacks are a variant of denial-of-service attacks that use unwitting, legitimate servers to flood a target. The attacker spoofs the target's address in legitimate service requests, such as TCP SYN packets. The servers, called "Reflectors," reply to these requests, flooding the target. RAD is a novel defense against reflector attacks. It has two variants - locally-deployed (L-RAD) and core-deployed (CRAD). Local RAD uses Message Authentication Codes (MACs) to mark outgoing requests at their source, so the target of a reflector attack can differentiate between replies to legitimate and spoofed requests. MACs can be validated either at the target machine or on a gateway router at the target's network.

  • Format: PDF
  • Size: 200.9 KB