An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks

Paxson, Vern. An analysis of using reflectors for distributed denial-of-service attacks[J]. ACM SIGCOMM Computer Communication Review, 2001, 31(3):38.

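The paper first explains DDoS attacks, then reflector-based DDoS attacks, and finally goes through the fields of various network protocols one by one, explaining which fields an attacker can easily exploit to carry out an attack.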

DDoS attack structure: https://s2.ax1x.com/2019/02/22/kWRdRU.png

DDoS attack using reflectors: https://s2.ax1x.com/2019/02/22/kWRwzF.md.png

Analysis of the fields in each protocol that may be exploited

IP: Type of Service

TCP: if the reflector's stack has guessable TCP sequence numbers

ICMP: reflectors generating ICMP messages can likely be filtered out.

UDP: port number can be filtered.

DNS: recursive queries, spoofed queries

HTTP: would be a significant threat were it not for the likely quick traceback due to the non-spoofed connection from the slave to the proxy. Definitely a significant threat if servers running on stacks with predictable sequence numbers are widely deployed.

Other TCP applications: would be a significant threat were it not for the likely quick traceback due to the non-spoofed connection from the slave to the proxy. Definitely a significant threat if servers running on stacks with predictable sequence numbers are widely deployed.
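An added example, not taken from the paper or from this post: in a reflector attack the victim receives replies to requests it never sent, so a victim-side monitor can flag inbound SYN-ACKs and DNS responses that match no outbound request. The record format, field names and addresses below are constructed for illustration.

```python
from collections import namedtuple

# Constructed flow record; "kind" is the TCP flag set or DNS message type.
Pkt = namedtuple("Pkt", "direction proto src sport dst dport kind txid")

def find_unsolicited(packets):
    """Return inbound replies that match no earlier outbound request."""
    pending = set()      # requests this host really sent, keyed by peer tuple
    unsolicited = []
    for p in packets:
        if p.direction == "out":
            if p.proto == "tcp" and p.kind == "SYN":
                pending.add(("tcp", p.dst, p.dport, p.sport, None))
            elif p.proto == "udp" and p.kind == "dns-query":
                pending.add(("udp", p.dst, p.dport, p.sport, p.txid))
            continue
        if p.proto == "tcp" and p.kind == "SYN-ACK":
            key = ("tcp", p.src, p.sport, p.dport, None)
        elif p.proto == "udp" and p.kind == "dns-response":
            key = ("udp", p.src, p.sport, p.dport, p.txid)
        else:
            continue     # reply types outside the scope of this example
        if key in pending:
            pending.discard(key)   # each request accounts for one reply only
        else:
            unsolicited.append(p)  # reply to a request we never made
    return unsolicited

ME = "192.0.2.10"  # constructed victim address (documentation range)
SAMPLE = [         # constructed records, not captured traffic
    Pkt("out", "tcp", ME, 40000, "198.51.100.5", 80, "SYN", None),
    Pkt("in", "tcp", "198.51.100.5", 80, ME, 40000, "SYN-ACK", None),
    Pkt("in", "tcp", "203.0.113.7", 80, ME, 51515, "SYN-ACK", None),
    Pkt("out", "udp", ME, 5353, "198.51.100.53", 53, "dns-query", 0x1A2B),
    Pkt("in", "udp", "198.51.100.53", 53, ME, 5353, "dns-response", 0x1A2B),
    Pkt("in", "udp", "203.0.113.53", 53, ME, 5353, "dns-response", 0x9999),
]

if __name__ == "__main__":
    for pkt in find_unsolicited(SAMPLE):
        print("unsolicited", pkt.kind, "from", pkt.src)
```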

The original paper is worth a close read. It is a good article, but the grammar is just too hard.