Draft:Reverse NDR attack (email)

Draft article not currently submitted for review. This is a draft Articles for creation (AfC) submission. It is not currently pending review. While there are no deadlines, abandoned drafts may be deleted after six months. To edit the draft click on the "Edit" tab at the top of the window. To be accepted, a draft should: Show the subject qualifies for a Wikipedia article by using multiple sources that meet four criteria. The sources should be (1) reliable (2) secondary (3) independent of the subject (4) talk about the subject in some depth. For some topics, there are alternative criteria. Be written from a neutral point of view Respect copyright and do not plagiarize. Do not copy-paste. It is strongly discouraged to write about yourself, your business or employer. If you do so, you must declare it. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Last edited by Izotov (talk | contribs) 7 days ago. (Update) Submit the draft for review!

A reverse NDR attack or reverse bounceback attack is an email attack, when attackers intentionally cause huge amounts of backscatters to their victims in a short period of time.

The reverse NDR attack is one of the rare email attacks that doesn't try to exploit the human error of the recipient (i.e. phishing), but attack the victim's infrastructure. The reverse NDR attack is a denial-of-service attack: the heavy flood of the NDRs usually causes the victim's email infrastructure to become unavailable.

Mechanism

The attacker sends email messages forging the sender email address, impersonating the victim.

The forged messages are attempted to be sent to several (thousands or more) SMTP servers that are not expected to be able to deliver these emails as they do not host the recipient. Misconfigured SMTP servers -instead of rejecting recipients that they do not host- accept such emails. As the SMTP server can not deliver the email, it sends an NDR to the impersonated victim according to RFC 5321.

The victim's SMTP server goes down under the heavy flood of NDR emails.

 

Mechanism of a reverse NDR attack

References