A new DDoS attack leverages unprotected UPnP routers to make attacks harder to stop.
May 15, 2018
A new DDoS technique is adding a new twist to this common threat and upping the chance that an attack will have an impact on business operations. The new attack leverages a known vulnerability in Universal Plug and Play (UPnP) to get around many of the current defense techniques and swamp a target's network and servers.
The basis of the attack is a DNS amplification technique that bounces a DNS query response to the victim based on a spoofed requester address. In this new DDoS approach, though - detailed by researchers at Imperva - the attack mechanism is a UPnP router that is happy to forward requests from one external source to another (in violation of UPnP behavior rules). Using the UPnP router returns the data on an unexpected UDP port from a spoofed IP address, making it more difficult to take simple action to shut down the traffic flood.
In the original attack and the new proof of concept, a DNS amplification was used, but the researchers note that there's no technical reason that a similar approach couldn't be used in SSDP, DNS, and NTP attacks.
When both source address and port are obfuscated, many current DDoS remediation techniques become ineffective. While deep packet inspection will work against the attack, it's a resource-intensive method that can be both costly and limited. The researchers say that the most effective way to stop this attack method is for organizations to lock down their UPnP routers, taking a weapon out of the hands of attackers.
Related Content:
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024