sunrpcreflection
Explanation
The sunrpcreflection event in Netography Fusion Portal is designed to detect attacks against the SunRPC protocol used to manage network communication between servers and clients. Attackers can exploit reflection-based techniques to amplify their attack traffic and generate a large volume of traffic to overwhelm a network. The attack works by sending a request to an exposed UDP service that has a large response to a small request. The response is then spoofed to the victim's IP address, resulting in a DDoS attack.
What to Look For
If the sunrpcreflection event is triggered, network administrators should investigate the source IP address or range where the suspicious traffic is originating from. They should also examine UDP traffic on the network for signs of the SunRPC protocol being used. On endpoints, administrators should be aware of any unusual network activity or performance issues. To prevent these types of attacks, network administrators should ensure that SunRPC services are properly secured and not exposed to the public internet.
Related MITRE ATT&CK Categories
Updated 13 days ago