WSD stress test

Uses exposed WS-Discovery services on UDP 3702 as reflectors to amplify spoofed requests into a much larger response flood against your target.

Run WSD test → All methods

~300x

amplification factor

How it works

WS-Discovery (WSD) is a UDP protocol on port 3702 used by devices like printers and IP cameras to announce themselves on a network. When such devices are reachable from the internet, a small spoofed probe sent with your target's source address triggers a much larger reply sent to the target, producing reflection and amplification. This method validates whether your edge can absorb inbound amplified UDP and whether your own devices are unintentionally exposed as reflectors.

Parameters

Request rate600k ppsProbes sent toward the reflector pool per second

Reflector pool100-10k hostsNumber of exposed WSD endpoints used to reflect

Amplificationup to ~300xRepresentative response-to-request size ratio

Duration10-600 sTest window length

Run it from the CLI

retro-cli

$ retro run wsd --target 203.0.113.45 --duration 120

WSD FAQ

What makes WS-Discovery a reflection vector?+

WSD replies to probes over UDP, which can be spoofed, and the reply is larger than the request. An attacker sends small probes with your address as the source so exposed devices flood you with bigger responses.

How do I stop my own devices from being abused as reflectors?+

Block UDP port 3702 from the internet at your firewall and confirm no printers, cameras, or other appliances expose WS-Discovery publicly. WSD is meant for local networks only.