This paper considers the phenomenon where a single probe to a target generates multiple, sometimes numerous, packets in response -- which we term "blowback". Understanding blowback is important because attackers can leverage it to launch amplified denial of service attacks by redirecting blowback towards a victim. Blowback also has serious implications for Internet researchers since their experimental setups must cope with bursts of blowback traffic. We find that tens of thousands, and in some protocols, hundreds of thousands, of hosts generate blowback, with orders of magnitude amplification on average. In fact, some prolific blowback generators produce millions of response packets in the aftermath of a single probe. We also find that blowback generators are fairly stable over periods of weeks, so once identified, many of these hosts can be exploited by attackers for a long time.