NTP DRDos Blog post

John jw at nuclearfallout.net
Thu Feb 20 19:37:57 UTC 2014

On 2/20/2014 9:17 AM, Jared Mauch wrote:
> I'll split the difference, folks in operational security dislike the term as they
> feel it's inaccurate.  They tend to think it's marketing vs operational related.
> Reflection attacks are considered a sub-type of DoS/DDoS and do not require a new
> term.  It's the same problem folks have with absolute terms like "Unlimited Data"
> with the asterisk.
> Can I direct the knife-fights about that part off-list? :)  (and preferably exclude me,
> i get enough email).

This is not a new term (certainly >12yo) and one that I see as useful, 
just as it is useful to differentiate between a DoS and a DDoS. That 
extra "D" tells you that it's "distributed". Add an "R" and now it's 
"reflected" -- an important difference.

If it's seen as being recently co-opted and misused by marketing people, 
then that's a shame. But its practicality trumps that in my eyes. And I 
am definitely on the operational security side here.

I do generally prefer "X reflection/amplification attack", as Roland 
suggested, as it is more specific.


More information about the NANOG mailing list