# codreflection

**Explanation**

This event is designed to detect CoD (Call of Duty) reflection attacks, which can cause significant disruption to your network. In a CoD reflection attack, the attacker sends a request to an open CoD server port with the source address forged to be the target's IP address. The server sends its amplified response to that address, hitting the target with a flood of traffic that can quickly bring down a network.

**What to Look For**

If this event is triggered, Netography Fusion has detected anomalies in the network traffic that suggest a CoD reflection attack may be underway. The NDM Event provides details on the source and destination addresses, the type of attack, and the protocols used in the communication. Look for any unusual patterns or behavior that could indicate an attack, and take immediate action to block traffic from the identified sources. You may also want to examine any endpoints that are sending or receiving this traffic to see whether they are infected with malware or have vulnerabilities that could be exploited in a CoD reflection attack.
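When triaging the event against your own flow data, a per-destination rollup of UDP traffic sourced from the game-server port shows who is being hit and by which reflectors. The sketch below is an added example, not the Fusion detection model's logic; the port (28960, a common CoD server default), the thresholds, and the flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

COD_PORT = 28960        # assumption: common default CoD server UDP port
MIN_REFLECTORS = 3      # assumption: illustrative threshold, tune per network
MIN_BYTES = 50_000      # assumption: illustrative bytes per aggregation window

# Constructed flow records for one window:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 28960, "203.0.113.5", 41022, "udp", 30_000),
    ("198.51.100.11", 28960, "203.0.113.5", 41022, "udp", 28_000),
    ("198.51.100.12", 28960, "203.0.113.5", 5533, "udp", 31_000),
    # One game server replying to one client at low volume: normal play.
    ("198.51.100.13", 28960, "203.0.113.9", 50000, "udp", 900),
    # Unrelated TCP traffic to the same destination must not be counted.
    ("192.0.2.44", 53124, "203.0.113.5", 443, "tcp", 120_000),
]

def find_reflection_targets(flows, port=COD_PORT,
                            min_reflectors=MIN_REFLECTORS,
                            min_bytes=MIN_BYTES):
    """Return {dst_ip: {"reflectors": [...], "bytes": n}} for destinations
    that receive UDP traffic sourced from `port` from many distinct hosts."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for src, sport, dst, _dport, proto, nbytes in flows:
        # Reflected responses leave the server from its listening port.
        if proto == "udp" and sport == port:
            per_dst[dst]["reflectors"].add(src)
            per_dst[dst]["bytes"] += nbytes
    return {
        dst: {"reflectors": sorted(s["reflectors"]), "bytes": s["bytes"]}
        for dst, s in per_dst.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }

if __name__ == "__main__":
    for dst, info in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {info['bytes']} bytes from {info['reflectors']}")
```

The returned reflector list is the set of sources to consider for blocking, and any of those addresses inside your own network is an endpoint worth examining.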

**Related MITRE ATT&CK Categories**

[Impact: Network Denial of Service, Technique T1498 - Enterprise](https://attack.mitre.org/techniques/T1498)


