RAD: Reflector Attack Defense Using Message Authentication Codes

Date Added: Sep 2009
Format: PDF

Reflector attacks are a variant of denial-of-service attacks that use unwitting, legitimate servers to flood a target. The attacker spoofs the target's address in legitimate service requests, such as TCP SYN packets. The servers, called "reflectors," reply to these requests, flooding the target. RAD is a novel defense against reflector attacks. It has two variants: locally-deployed (L-RAD) and core-deployed (CRAD). Local RAD uses Message Authentication Codes (MACs) to mark outgoing requests at their source, so that the target of a reflector attack can differentiate between replies to legitimate requests and replies to spoofed ones. MACs can be validated either at the target machine or on a gateway router in the target's network.
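The marking-and-validation idea described above, as an added sketch that is not code from the RAD paper. It assumes the MAC is carried in the TCP initial sequence number of an outgoing SYN and checked against the acknowledgment number of the returning SYN-ACK; that encoding, the key, the field names and the addresses are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # assumption: secret known only to the protected network


def mark(key, src_ip, src_port, dst_ip, dst_port):
    """32-bit MAC over the flow 4-tuple, used as the outgoing SYN's sequence number."""
    msg = (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
           + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def validate_reply(key, reply):
    """Accept a SYN-ACK only if its ack number is (our MAC + 1) for the reversed tuple."""
    expected = (mark(key, reply["dst_ip"], reply["dst_port"],
                     reply["src_ip"], reply["src_port"]) + 1) % 2**32
    # Constant-time comparison, as for any MAC check.
    return hmac.compare_digest(struct.pack("!I", expected),
                               struct.pack("!I", reply["ack"] % 2**32))


def demo():
    """Classify three constructed replies arriving at the target or its gateway."""
    target, reflector = "192.0.2.10", "198.51.100.5"
    isn = mark(KEY, target, 40000, reflector, 80)
    ack_ok = (isn + 1) % 2**32
    # Reply to a request the protected host really sent.
    legit = {"src_ip": reflector, "src_port": 80,
             "dst_ip": target, "dst_port": 40000, "ack": ack_ok}
    # Reply to a spoofed request: the sender had no key, so the echoed value is wrong.
    spoofed = dict(legit, ack=ack_ok ^ 0x5A5A5A5A)
    # A valid value observed on one flow does not validate for another reflector.
    replayed = dict(legit, src_ip="203.0.113.7")
    return [validate_reply(KEY, r) for r in (legit, spoofed, replayed)]


if __name__ == "__main__":
    print(demo())
```

Because the MAC binds the full 4-tuple, the check needs no per-connection state, which is what lets it run on a gateway router as well as on the target itself.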