Reflections on reflection (attacks)

In this blog post, the author discusses popular reflection attacks and how to defend against them. Reflection attacks involve a server capable of IP address spoofing, a protocol vulnerable to reflection/amplification, a list of reflectors, and a victim IP address. The attacker sends fake UDP requests with the victim's IP address in the source IP address field, causing the reflector server to send responses to the victim. The author provides statistics on three popular reflection attack vectors: NTP, SSDP, and DNS. They explain how Cloudflare mitigates these attacks using their Anycast network and firewall rules. The post also touches upon other protocols used in reflection attacks and emphasizes the importance of proper internet hygiene and sufficient network capacity to combat such threats.