Original release date: January 17, 2014 | Last revised: April 13, 2016
Certain application-layer protocols that rely on User Datagram Protocol (UDP) have been identified as potential attack vectors:
A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic.
UDP, by design, is a connection-less protocol that does not validate source IP addresses. Unless the application-layer protocol uses countermeasures such as session initiation in VoIP (voice over IP), it is very easy to forge the IP packet datagram to include an arbitrary source IP address. When many UDP packets have their source IP address forged to the victim IP address, the destination server (or amplifier) responds to the victim (instead of the attacker), creating a reflected Denial of Service (DoS) attack.
Recently, certain UDP protocols have been found to have particular responses to certain commands that are much larger than the initial request. Previously, attackers were limited linearly by the number of packets directly sent to the target to conduct a DoS attack; now a single packet can generate tens or hundreds of times the bandwidth in its response. This is called an amplification attack, and when combined with a reflective DoS attack on a large scale using multiple amplifiers and targeting a single victim, DDoS attacks can be conducted with relative ease.
To measure the potential effect of an amplification attack, a metric called the bandwidth amplification factor (BAF) is used. BAF can be calculated as the number of UDP payload bytes that an amplifier sends to answer a request, compared to the number of UDP payload bytes of the request.
The known protocols and their associated bandwidth amplification factors are listed below. US-CERT offers thanks to Christian Rossow for providing this information. For more information on bandwidth amplification factors, please see Christian’s blog and associated research paper.
In March 2015, Software Engineering Institute CERT issued Vulnerability Note (VU#550620) describing the use of mDNS in DRDoS attacks. Attackers can leverage mDNS by sending more information than can be handled by the device, thereby causing a DoS. 
In July 2015, Akamai Technologies’ Prolexic Security Engineering and Research Team (PLXsert) issued a threat advisory describing a surge in DRDoS attacks using the Routing Information Protocol version one (RIPv1). Malicious actors are leveraging the behavior of RIPv1 for DDoS reflection through specially crafted request queries.
In August 2015, Level 3 Threat Research Labs reported a new form of DRDoS attack that uses portmap. Attackers leverage the behavior of the portmap service through spoofed requests and flood a victim’s network with UDP traffic. 
Attackers can utilize the bandwidth and relative trust of large servers that provide the above UDP protocols to flood victims with unwanted traffic, resulting in a DDoS attack.
Detection of DRDoS attacks is not easy because of their use of large, trusted servers that provide UDP services. Network operators of these exploitable services may apply traditional DoS mitigation techniques. To detect a DRDoS attack, watch out for abnormally large responses to a particular IP address, which may indicate that an attacker is using the service.
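The check described above can be run over flow records collected at a UDP server's edge. The following is an added example, not part of the US-CERT alert: it computes the per-client BAF and flags clients receiving abnormally large responses. The flow tuple layout, the addresses (documentation ranges) and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

SERVER = "192.0.2.10"  # constructed: our UDP server (portmap, port 111)
# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
FLOWS = (
    # Ordinary client: small requests, modest replies.
    [("198.51.100.7", 40000, SERVER, 111, 40)] * 3
    + [(SERVER, 111, "198.51.100.7", 40000, 120)] * 3
    # Requests claiming to come from 203.0.113.9 draw far larger replies.
    + [("203.0.113.9", 50000, SERVER, 111, 64)] * 20
    + [(SERVER, 111, "203.0.113.9", 50000, 1400)] * 20
)

def per_client_baf(flows, server_ip):
    """Map (client_ip, service_port) -> (request_bytes, response_bytes, BAF)."""
    req, resp = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip:
            req[(src, dport)] += size
        elif src == server_ip:
            resp[(dst, sport)] += size
    stats = {}
    for key in set(req) | set(resp):
        r, s = req[key], resp[key]
        # BAF = response payload bytes / request payload bytes.
        stats[key] = (r, s, s / r if r else float("inf"))
    return stats

def suspected_reflection_targets(flows, server_ip,
                                 min_resp_bytes=10_000, min_baf=10.0):
    """Clients whose responses are large in volume and in ratio to requests."""
    hits = [
        (ip, port, r, s, baf)
        for (ip, port), (r, s, baf) in per_client_baf(flows, server_ip).items()
        if s >= min_resp_bytes and baf >= min_baf  # assumed thresholds
    ]
    return sorted(hits, key=lambda h: h[3], reverse=True)

if __name__ == "__main__":
    for ip, port, r, s, baf in suspected_reflection_targets(FLOWS, SERVER):
        print(f"{ip} udp/{port}: {r} B in, {s} B out, BAF {baf:.1f}")
```

An address flagged this way is the likely victim of the reflection rather than its source, since the request source addresses are forged.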
If you are a victim of a DRDoS attack, there are a few things you can do to detect such activity and respond:
In general, network and server administrators for Internet service providers (ISPs) should use the following best practices to avoid becoming amplifier nodes:
If you are a victim of a DRDoS attack, there are a few things you can do to mitigate this attack:
In general, network and server administrators for Internet service providers (ISPs) should use the following as best practices to avoid becoming amplifier nodes:
As a service provider, to avoid any misuse of Internet resources
update dns servers
New Servers Coming Online
As of March 1st, 2015, all of your web sites and email accounts are being served from a new data center. This new data center offers better internet access, security performance and support than the previously contracted one. The final sync will occur Friday, March 6th at 11:59 pm Eastern.
Documentation has been provided to those who may need to make changes to their E-mail programs (Outlook etc.). It is STRONGLY recommended you modify your accounts to use SSL/TLS security settings and strong passwords for your accounts.
Names of relatives (ex.: UncleMo, Chelsea, Tony2012), common dictionary words (ex.: cattail098, baseballfiend) and the like will no longer be accepted. This is for your own protection.
If you’ve not made the modifications to your email software, your access to your email accounts may stop working. Please refer to the documentation that has been sent to you.
If you have self-registered your domains and did not register them through SolidHostDesign, you can expect that your sites will be inaccessible until your DNS servers are updated with the new server names.
If you see that you are unable to access your web sites or that you are unable to connect to your email accounts and you have made the proper changes to your software on your computers, please open a support ticket by logging into your accounts. Do not wait a week to do so.
Most importantly, please remember the link that you were using to pay invoices now ends in .net instead of .com!
As always, wishing you the best (and heat to those up north!!)