Reflector Saturation in Amplified Reflection Denial of Service Attack Abusing CLDAP and Memcache Protocols

Amplified reflection distributed denial-of-service (ARDDoS) attacks have been prevalent in the last ten years. AR-DDoS attacks are volumetric attacks where the stream reaching the victim comes from an intermediary infrastructure that amplifies and redirects it to the target, all orchestrated by a skilled attacker. This dynamic motivates the study of the behavior of the intermediate node - the reflector - since the effectiveness of the attack depends on it. This work aims to evaluate the saturation behavior of Connection-less Lightweight Directory Access Protocol (CLDAP) and Memcache reflectors during a DDoS attack by amplified reflection characterizing such behavior on general-purpose hardware. The results obtained are compared with previous works and discussed with the aim of anticipating evolution trends in AR-DDoS attacks and possible requirements for improvements in their detection and mitigation. (AU)