Reflector router

This redirect has not been added to any content categories. Please help out by adding categories to it so that it can be listed with similar redirects, in addition to a stub category. (May 2009)

This article provides insufficient context for those unfamiliar with the subject. Please help improve the article by providing more context for the reader. (Learn how and when to remove this message)

Another common DoS (Denial of Service) attack is when an attacker sends a flood of ICMP messages to a reflector or sets of reflectors typically a router using a victim's source IP address in the ICMP echo messages.

The attacker changes the ICMP origin address to the address of the actual victim router device or devices.

The reflector routers then innocently reply to the echo messages sending the replies to the victim router device or devices.

In many cases, the source “spoofed” address is a directed broadcast address allowing the attack to target a network segment instead of a specific host.

Using a large number of reflector routers will create a huge volume of ICMP echo replies to be sent to the victim network causing a DoS (Denial of Service).