Recently, Brian Krebs’s website (http://krebsonsecurity.com/) was hit by a DDoS attack of over 600 Gigabits of traffic per second. At first maybe by DNS reflection attack, where routers & other systems providing local DNS services are tricked into providing DNS responses to the target’s spoofed IP address on the WAN side. I always assumed that routers didn’t provide DNS services to the WAN side, but it sounds like some do(?) (See the Krebs link above’s September 21 2016 blog post.) From the blog post, it looks instead like it was a different type of attack.
But the reflection attack business prompts me to ask this dumb question: Can Pepwave routers get used in such a reflection attack by some miscreants? If so, is there a way to prevent it?