DDS Attacks

Question 1

Reflected Attack

Answer 1

Reflected Attack (Reflected DDoS / Reflected DoS)
• The attacker spoofs the victim’s IP address and sends requests to third-party servers.
• Those servers then “reflect” the replies back to the victim.
• Example: attacker sends small DNS requests (with victim’s IP as the source) → DNS server replies with large responses to the victim → floods the victim’s system.

Question 2

Amplified DDoS Attack (Amplification Attack)

Answer 2

A type of reflected attack where the response is much larger than the request.
• This “amplifies” the attack power.
• Example: attacker sends a 60-byte DNS query that triggers a 4,000-byte DNS response → the victim gets overwhelmed with huge traffic.
• Common protocols used: DNS, NTP, LDAP, SNMP.

Question 3

Exam tips

Answer 3

Reflected → traffic bounced off another server.
• Amplified → reflection + bigger response size.

Question 4

🔹 Wildcard Certificate

Answer 4

A type of TLS/SSL certificate that secures a domain and all of its subdomains.
• Uses an asterisk (*) in the domain name.
• Example:
• *.example.com → covers mail.example.com, shop.example.com, vpn.example.com.
• Advantage: cost-effective, easier management.
• Security+ focus: used to simplify certificate management but must be protected carefully (if compromised, all subdomains are at risk).