
DOSarrest Vulnerability Testing and Optimization

A new type of DDoS attack can amplify attack strength by more than 15,300%

on September 19, 2019

By abusing a little-known multicast protocol, attackers can launch DDoS attacks of immense power, but there may be an easy fix.

Content delivery provider Akamai reports that a new method of launching distributed denial of service (DDoS) attacks ranks as one of the most dangerous of all time.

This new method has already been seen in the wild, which is how Akamai gained an additional level of insight: An Akamai client in the gaming industry was recently hit with this new kind of attack.

The biggest concern that comes with this new attack is its ability to eat up immense amounts of bandwidth. The client Akamai mentioned saw peaks as high as 35 GB/s during their recent attack.

There’s a key multicast protocol that makes this new kind of DDoS possible: WS-Discovery (WSD).

WSD isn’t a well-known protocol, but it is a widely used one, and can be found in thousands of internet-connected devices. WSD is a discovery protocol designed to make IoT devices communicate with a standard language, but it has a problem: It can be spoofed.

TechRepublic sister site ZDNet reported on WSD DDoS attacks at the end of August, giving a concise description of why this attack is so serious: “An attacker can send a UDP packet to a device’s WS-Discovery service with a forged return IP address. When the device sends back a reply, it will send it to the forged IP address, allowing attackers to bounce traffic on WS-Discovery devices, and aim it at the desired target of their DDoS attacks.”

The danger from WS-Discovery

ZDNet continued that WSD attacks aren’t common because of the obscurity of the protocol used to launch them, but this is changing. There has been an uptick in WSD attacks recently, and with news about the protocol becoming public, it’s likely the risk will only grow.

Akamai notes that WSD was never meant to be an internet-facing technology; it was meant for use on local area networks so devices could discover each other. Instead, Akamai said, manufacturers pushed out internet-connected devices with the protocol misused on them.

ZDNet said that more than 630,000 devices vulnerable to WSD attacks are discoverable on the internet, which gives potential attackers a lot of amplification points.

How to stop a WS-Discovery attack

This attack is serious, but if Akamai is correct, mitigating it may be simple. That said, if you think devices on your network are vulnerable, be sure to follow these instructions: Eliminating attack vectors is only possible if everyone takes the right steps.

Here’s how simple the first part is: Just block UDP source port 3702.

That only covers your servers, though: There will still be traffic slamming your routers, which means you need to apply an access control list (ACL) on your routers.

If you have a Cisco-style ACL:

ipv4 access-list [ACCESS-LIST NAME] 1 deny udp any eq 3702 host [TARGET IP] 
ipv4 access-list [ACCESS-LIST NAME] 2 deny udp any host [TARGET IP] fragments 

If you have a Linux iptables ACL:

iptables -A INPUT -i [interface] -p udp -m udp --sport 3702 -j DROP
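
Why the router ACL carries a second `fragments` line, as an added example (not code from the article or from Akamai): a WS-Discovery reply larger than the path MTU is fragmented, and only the first fragment carries the UDP header with source port 3702. The packet builder, addresses and verdict names below are constructed for illustration.

```python
import struct
from collections import Counter

WSD_PORT = 3702  # WS-Discovery UDP port named in the article

def ipv4_udp(src, dst, sport, payload, frag_off=0, more=False):
    """Build a constructed IPv4/UDP packet or fragment (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, 40000, 8 + len(payload), 0)
    body = payload if frag_off else udp + payload   # later fragments carry no UDP header
    flags_off = (0x2000 if more else 0) | (frag_off // 8)
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 1, flags_off,
                       64, 17, 0, addr(src), addr(dst)) + body

def classify(pkt, target):
    """Verdict for one raw IPv4 packet, following the two ACL lines above."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return "pass"                               # not IPv4/UDP
    if ".".join(map(str, pkt[16:20])) != target:
        return "pass"                               # both rules are scoped to the target host
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "drop-fragment"                      # rule 2: offset > 0, ports not visible
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 2:
        return "pass"                               # truncated, no source port to read
    sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
    return "drop-wsd" if sport == WSD_PORT else "pass"   # rule 1: source port 3702

def summarize(packets, target):
    """Count verdicts over a batch of raw packets."""
    return Counter(classify(p, target) for p in packets)

# Constructed sample traffic (documentation address ranges, not real hosts).
TARGET = "203.0.113.10"
SAMPLE = [
    ipv4_udp("198.51.100.7", TARGET, 3702, b"x" * 1472, more=True),     # first fragment of a WSD reply
    ipv4_udp("198.51.100.7", TARGET, 3702, b"x" * 900, frag_off=1480),  # trailing fragment, no ports
    ipv4_udp("198.51.100.9", TARGET, 3702, b"x" * 600),                 # unfragmented WSD reply
    ipv4_udp("192.0.2.53", TARGET, 53, b"x" * 80),                      # DNS reply, allowed
    ipv4_udp("198.51.100.7", "203.0.113.99", 3702, b"x" * 600),         # different destination
]

if __name__ == "__main__":
    print(summarize(SAMPLE, TARGET))
```

A filter that matches only on source port 3702, like the single iptables rule above, would let the trailing fragment in this sample through to the target.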

Akamai paints a grim picture of the future of WSD attacks: “The only thing we can do now is wait for devices that are meant to have a 10 to 15-year life to die out, and hope that they are replaced with more secured version.”

That doesn’t mean you can’t do anything: Take the proper precautions by blocking ports, adding ACLs, and installing critical updates that could mitigate future risks.

Source: https://www.techrepublic.com/article/a-new-type-of-ddos-attack-can-amplify-attack-strength-by-more-than-15300/
