A reflected DDoS amplification attack leverages the following core principles:
→ Spoofed Source IP Address: The attacker sends requests to intermediary servers (e.g., DNS servers) with the source IP address spoofed to be that of the victim. This means the intermediary server sends responses directly to the victim, unaware that the requests were forged.
→ Disproportionate Response Size: The requests are crafted in such a way that the responses from the intermediary servers are significantly larger than the original requests. For example, a small DNS query can trigger a large DNS response.
By combining these two aspects, the attacker can amplify the amount of traffic directed at the victim, maximizing the impact while minimizing the effort and resources required on the attacker's part.
B) Describes a SYN flood attack, which is a type of protocol attack but does not involve reflection or amplification. It focuses on exhausting server resources by creating incomplete TCP connections.
C) Refers to an application layer attack (e.g., HTTP flood), which targets the application layer by sending legitimate-looking requests that are resource-intensive. While effective, it doesn't inherently involve reflection or amplification.
D) Discusses traffic distribution across multiple servers to evade detection, which relates to the distribution aspect of DDoS attacks rather than to reflection or amplification. It doesn't demonstrate the exploitation of a core vulnerability for amplification.
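Seen from the victim's network, the two principles of reflected amplification (spoofed source, disproportionate response size) mean that large UDP replies arrive which match no query the victim ever sent. The following added example, which is not part of the original page, flags that pattern in constructed packet records; the record layout, the NTP port entry and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# UDP services whose replies we track. DNS is the page's example; NTP is an added assumption.
REFLECTOR_PORTS = {53: "dns", 123: "ntp"}

def find_unsolicited(packets, protected_ip):
    """Return {reflector_ip: [reply_count, reply_bytes]} for replies matching no outbound query.

    Each packet is (src_ip, src_port, dst_ip, dst_port, size_bytes), in arrival order.
    """
    pending = set()  # (local_port, remote_ip, remote_port) for queries we really sent
    unsolicited = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, size in packets:
        if src == protected_ip and dport in REFLECTOR_PORTS:
            pending.add((sport, dst, dport))      # genuine outbound query
        elif dst == protected_ip and sport in REFLECTOR_PORTS:
            key = (dport, src, sport)
            if key in pending:
                pending.discard(key)              # reply to our own query: expected
            else:
                unsolicited[src][0] += 1          # reply to a request forged in our name
                unsolicited[src][1] += size
    return dict(unsolicited)

def assess(packets, protected_ip, min_reflectors=3, min_bytes=5000):
    """Alert when several distinct servers send unsolicited replies above a byte threshold.

    The thresholds are illustrative; tune them against a baseline of normal traffic.
    """
    hits = find_unsolicited(packets, protected_ip)
    total = sum(nbytes for _, nbytes in hits.values())
    return {
        "reflectors": len(hits),
        "unsolicited_bytes": total,
        "alert": len(hits) >= min_reflectors and total >= min_bytes,
    }

# Constructed sample using documentation address ranges (RFC 5737).
VICTIM = "203.0.113.10"
SAMPLE = [
    (VICTIM, 40000, "198.51.100.53", 53, 60),     # real query from the protected host
    ("198.51.100.53", 53, VICTIM, 40000, 120),    # its matching reply
] + [(f"192.0.2.{i}", 53, VICTIM, 33333, 3000)    # large replies nobody asked for
     for i in (1, 2, 3) for _ in range(2)]

if __name__ == "__main__":
    print(assess(SAMPLE, VICTIM))
```

The same unsolicited-reply test is what a stateful firewall applies when it drops inbound UDP that matches no tracked outbound flow.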