Flooding and Amplification

DDoS Attack Taxonomy

  • Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly. (CNSSI 4009-2015)
    • Reflection is a technique in which an attacker forges the source address of request packets sent to the agent machines that perform the attack.
    • Flooding can be achieved by a botnet (robot network) through the command-and-control (C&C) covert channel without reflection.
  • Amplification is a technique to make the victim produce as much response data as possible, instead of as many requests. The ratio between the sizes of the response and the request is called the amplification factor.


  • Flooding: an attack that generates a huge number of requests.
    • Reflection: one flooding technique that forges the source address of request packets to generate a huge number of requests.
    • Botnet: a controlled network that can generate a huge number of requests, or flooding.
  • Amplification: a technique to trigger a large amount of response traffic from the victim with a single request. E.g., a single small DNS query causes a DNS server to respond with an abnormally large DNS response of 1 MB.
  • A flood attack may command a botnet to generate reflected requests and amplify the response.
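
The amplification factor defined above can also serve as a detection signal. The following is an added example, not part of the original post: it computes the factor per claimed source address from a server operator's own traffic records and flags addresses that are probably forged. The record layout, sample values and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records as seen at a DNS server (not real traffic):
# (claimed_source_ip, direction, payload_bytes); "req" = query received,
# "resp" = answer sent back to the claimed source address.
SAMPLE_FLOWS = [
    ("198.51.100.7", "req", 64), ("198.51.100.7", "resp", 3100),
    ("198.51.100.7", "req", 64), ("198.51.100.7", "resp", 3050),
    ("198.51.100.7", "req", 64), ("198.51.100.7", "resp", 3120),
    ("192.0.2.10", "req", 70), ("192.0.2.10", "resp", 130),
    ("192.0.2.10", "req", 72), ("192.0.2.10", "resp", 150),
    ("203.0.113.5", "req", 60),  # query that has no answer recorded yet
]

def amplification_factors(flows):
    """Return {source_ip: (request_bytes, response_bytes, factor)}."""
    totals = defaultdict(lambda: [0, 0])
    for src, direction, size in flows:
        if direction not in ("req", "resp"):
            raise ValueError(f"unknown direction: {direction!r}")
        totals[src][0 if direction == "req" else 1] += size
    result = {}
    for src, (req, resp) in totals.items():
        # Factor = response size / request size; infinite if no request seen.
        factor = resp / req if req else float("inf")
        result[src] = (req, resp, factor)
    return result

def flag_likely_spoofed_sources(flows, min_factor=10.0, min_response_bytes=5000):
    """Sources whose responses are large both in ratio and in volume.

    Both thresholds are illustrative assumptions; tune against a baseline.
    """
    flagged = []
    for src, (req, resp, factor) in amplification_factors(flows).items():
        if factor >= min_factor and resp >= min_response_bytes:
            flagged.append((src, round(factor, 1)))
    return sorted(flagged)

if __name__ == "__main__":
    for src, factor in flag_likely_spoofed_sources(SAMPLE_FLOWS):
        print(f"{src}: amplification factor {factor}x, possible forged source")
```

Requiring both a high ratio and a minimum response volume keeps a single legitimately large answer from being flagged.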

