codreflection

Explanation

This event is designed to detect CoD (Call of Duty) reflection attacks, which can cause significant disruption to your network. In a CoD reflection attack, an attacker sends a packet to an open CoD server port requesting information, with the request made to appear to come from a specific IP address (the target). The server responds with an amplified packet, and the target is hit with a flood of traffic that can quickly bring down a network.

What to Look For

If this event is triggered, Netography Fusion has detected anomalies in the network traffic that suggest a CoD reflection attack may be underway. The NDM Event provides details on the source and destination addresses, the type of attack, and the protocols used in the communication. Look for any unusual patterns or behavior that could indicate an attack, and take immediate action to block traffic from the identified sources. You may also want to examine any endpoints that are sending or receiving this traffic to see whether they are infected with malware or have other vulnerabilities that could be exploited in a CoD reflection attack.
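
To make the pattern concrete, here is an added example (not Netography's detection model or code) that scans flow records for one target receiving UDP replies from several CoD servers and lists the sources to block. The port 28960, the thresholds, the record layout and the sample flows are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

COD_PORT = 28960  # assumption: default CoD server UDP port; adjust to your environment
UDP = 17          # IP protocol number for UDP

Flow = namedtuple("Flow", "src sport dst proto bytes packets")

# Constructed sample flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", 28960, "192.0.2.50", UDP, 620_000, 500),
    Flow("198.51.100.11", 28960, "192.0.2.50", UDP, 540_000, 450),
    Flow("203.0.113.7",   28960, "192.0.2.50", UDP, 480_000, 400),
    Flow("198.51.100.10", 28960, "192.0.2.77", UDP, 90_000, 300),   # ordinary game session
    Flow("203.0.113.9",   28960, "192.0.2.50", 6,   700_000, 600),  # TCP, not a UDP reply
    Flow("203.0.113.53",  53,    "192.0.2.50", UDP, 2_000, 4),      # unrelated DNS reply
]

def find_cod_reflection(flows, min_reflectors=3, min_bytes=1_000_000):
    """Group UDP replies from the CoD port by destination and flag destinations
    that receive them from many distinct servers at high volume.
    Thresholds are illustrative assumptions, not vendor values."""
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f.proto != UDP or f.sport != COD_PORT:
            continue  # only server-to-target UDP replies are of interest
        s = stats[f.dst]
        s["reflectors"].add(f.src)
        s["bytes"] += f.bytes
        s["packets"] += f.packets

    alerts = {}
    for dst, s in stats.items():
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes:
            alerts[dst] = {
                "reflectors": sorted(s["reflectors"]),  # candidate sources to block
                "bytes": s["bytes"],
                "packets": s["packets"],
            }
    return alerts

if __name__ == "__main__":
    for target, info in find_cod_reflection(SAMPLE_FLOWS).items():
        print(target, info)
```

A single server replying to a single client is normal game traffic, which is why the check requires several distinct reflectors converging on one destination before it flags anything.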

Related MITRE ATT&CK Categories

Network Denial of Service, Technique T1498 - Enterprise