What Is a Reflection Attack?

A reflection attack is a compromise of a server's security accomplished by tricking it into giving up a security code to allow a hacker to access it. Reflection attacks are made possible when servers use a simple protocol to authenticate visitors. Adding some steps to increase security can make such attacks more difficult, forcing hackers to pursue other avenues of attack. Security professionals can assess a system to determine if the security is sufficient for the application.

This type of attack exploits a common security technique known as a challenge-response authentication, which relies on the exchange of secure information between authorized user and server. In a reflection attack, the hacker logs on and receives a challenge. The server expects an answer in the form of the correct response. Instead, the hacker creates another connection and sends the challenge back to the server. In a weak protocol, the server will send back the answer, allowing the hacker to send the answer back along the original connection to access the server.

Using proxies and other tools along a connection can make a reflection attack more difficult, as can making some changes to the protocol used by the server. These extra layers of security can be more time consuming and expensive to implement, and may not necessarily be provided by default on a system with relatively low security needs. Systems that use a challenge-response authentication approach to security can be vulnerable to reflection attack unless they are modified to address the most common security holes.

Other techniques for countering a reflection attack can include monitoring connections to the server for signs of suspicious activity. Someone attempting to gain unauthorized access may behave oddly, as seen, for example, if someone logs on and another connection opens almost immediately to allow that person to re-route the challenge to the server. This might be a warning sign that someone is attempting a reflection attack.

Computer security typically includes several levels. If one fails, as for example if a server is confused by a reflection attack, other levels can come into play to minimize the damage. These layers of security can be implemented by security professionals using a variety of programs to offer redundant protection, particularly to systems that handle sensitive information like government data. For extreme security, a system may be kept off network and accessed only in person in a facility that secures the server and access equipment.