New DDoS amplification vector could enable massive attacks

Security researchers have sounded the alarm about a vulnerability in a UDP-based network service called Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Tens of thousands of systems and devices have this service exposed to the Internet. Attackers could use them to generate massive attacks, and cleaning them up will likely take a long time.

Researchers from security firms Bitsight and Curesec found a vulnerability that allows attackers to exploit SLP endpoints in a specific way that will generate large responses and then reflect those responses back to victims.

How DDoS reflection attacks and DDoS amplification work

DDoS reflection is an attack technique that relies on sending traffic to a server and having it send its response to a different IP address. This type of attack typically works with communication protocols that are built on top of the User Datagram Protocol (UDP), which along with the Transmission Control Protocol (TCP) is one of the basic protocols for transmitting data over the Internet.

Unlike TCP, however, UDP was built for speed and has no additional checks in place, making it susceptible by design to source address spoofing. This means that an attacker can send a UDP packet to a server but put a different source IP address in the packet instead of their own. This will cause the server to send its response to whatever source IP address is set.

In addition to the reflection effect, which hides the real origin of the traffic, with certain UDP-based protocols the resulting traffic can also be amplified, meaning that the response generated is much larger than the original request. This is known as DDoS amplification and is very useful for attackers because it allows them to generate more unsolicited traffic to a target than they could by sending packets directly from machines under their control.

DDoS amplification works with a variety of protocols including DNS (Domain Name System), mDNS (Multicast DNS), NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol), SNMP (Simple Network Management Protocol) and others because they all use UDP for transmission. Therefore, servers exposed to the Internet that accept packets in these protocols and generate responses can be abused for DDoS amplification and have historically been used to generate some of the largest DDoS attacks to date.
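For operators of such servers, the following added example (not part of the original article) checks UDP flow records for signs that a server is being used as a reflector: a remote address that receives far more bytes from one of these services than it appeared to send. The port numbers are the protocols' standard UDP ports; the flow-record fields, thresholds, addresses and byte counts are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Standard UDP ports of the protocols the article names.
AMPLIFIABLE_UDP_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP",
                         427: "SLP", 1900: "SSDP", 5353: "mDNS"}

# Constructed sample flow records (documentation address ranges, made-up sizes).
SAMPLE_FLOWS = [
    {"src": "203.0.113.7", "sport": 40000, "dst": "192.0.2.10", "dport": 427, "bytes": 1160},
    {"src": "192.0.2.10", "sport": 427, "dst": "203.0.113.7", "dport": 40000, "bytes": 58000},
    {"src": "198.51.100.20", "sport": 51000, "dst": "192.0.2.10", "dport": 53, "bytes": 600},
    {"src": "192.0.2.10", "sport": 53, "dst": "198.51.100.20", "dport": 51000, "bytes": 1500},
    {"src": "198.51.100.21", "sport": 123, "dst": "192.0.2.11", "dport": 123, "bytes": 480},
    {"src": "192.0.2.11", "sport": 123, "dst": "198.51.100.21", "dport": 123, "bytes": 480},
]

def find_reflector_abuse(flows, our_servers, min_factor=5.0, min_response_bytes=10_000):
    """Return (server, service, remote) findings where our server answered a
    remote address with many more bytes than that address appeared to send.
    With a spoofed source, "remote" is the likely victim, not the sender."""
    requests = defaultdict(int)   # bytes arriving at our service, per claimed sender
    responses = defaultdict(int)  # bytes our service sent back to that address
    for f in flows:
        if f["dst"] in our_servers and f["dport"] in AMPLIFIABLE_UDP_PORTS:
            requests[(f["dst"], f["dport"], f["src"])] += f["bytes"]
        elif f["src"] in our_servers and f["sport"] in AMPLIFIABLE_UDP_PORTS:
            responses[(f["src"], f["sport"], f["dst"])] += f["bytes"]

    findings = []
    for key, out_bytes in responses.items():
        in_bytes = requests.get(key, 0)
        # Skip pairs with no visible request (incomplete capture) or low volume.
        if in_bytes == 0 or out_bytes < min_response_bytes:
            continue
        factor = out_bytes / in_bytes  # bandwidth amplification factor
        if factor >= min_factor:
            server, port, remote = key
            findings.append({"server": server, "service": AMPLIFIABLE_UDP_PORTS[port],
                             "remote": remote, "factor": round(factor, 1),
                             "response_bytes": out_bytes})
    return sorted(findings, key=lambda x: x["response_bytes"], reverse=True)

if __name__ == "__main__":
    for hit in find_reflector_abuse(SAMPLE_FLOWS, {"192.0.2.10", "192.0.2.11"}):
        print(hit)
```

A finding here is a reason to take the service off the Internet or filter it at the edge; the thresholds need tuning against the server's normal traffic.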

Copyright © 2023 IDG Communications, Inc.

Recent research has shown that a new Distributed Denial of Service (DDoS) amplification vector could enable highly sophisticated and powerful cyberattacks. A DDoS attack is one of the most destructive weapons in the digital armory. It is used by malicious attackers to take down a website or otherwise paralyze an online service by overwhelming it with a surge of artificially generated traffic.

A new amplification vector can enable an attacker to send a greater volume of malicious traffic to their target, greatly amplifying the force of a potential attack. This could have an even greater impact on Internet services, potentially leading to disruptions in vital services and damage to websites, content, and data.

The research was conducted by a team of experts from the cybersecurity company Ikaroa, who looked into the implications of this new vector, what the consequences could be and how it might create a more hostile environment for Internet users.

The team at Ikaroa discovered that the new vector not only amplifies the attack power but also makes it much harder for the target of the attack to detect and identify it. This could lead to a new wave of highly destructive attacks with potentially catastrophic consequences. The team also wrote a research paper outlining the various vulnerabilities associated with the vector and proposed some countermeasures.

The research makes it abundantly clear that a new wave of sophisticated DDoS attacks is imminent and the threat landscape around the Internet could become a lot more dangerous if appropriate security tools are not in place.

At Ikaroa, we strongly recommend that companies and organizations take appropriate precautions and upgrade their security systems with additional protections. We also advise our customers to consult experienced cybersecurity experts to design and implement more effective security strategies and countermeasures that are suitable for their specific needs.

