Article 5FQ48 ~4,300 Publicly Reachable Servers are Posing a New DDoS Hazard to the Internet

by Fnord666, from SoylentNews (#5FQ48)

upstart writes in with an IRC submission:

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet:

Criminals are upping the potency of distributed denial-of-service attacks with a technique that abuses a widely used Internet protocol that drastically increases the amount of junk traffic directed at targeted servers.

DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service. As DDoS-mitigation services develop protections that allow targets to withstand ever-larger torrents of traffic, the criminals respond with new ways to make the most of their limited bandwidth.

[...] DDoS mitigation provider Netscout said on Wednesday that it has observed DDoS-for-hire services adopting a new amplification vector. The vector is the Datagram Transport Layer Security, or D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets. Just as TLS prevents eavesdropping, tampering, or forgery of TLS packets, D/TLS does the same for UDP data.

DDoSes that abuse D/TLS allow attackers to amplify their attacks by a factor of 37. Previously, Netscout saw only advanced attackers using dedicated DDoS infrastructure abusing the vector. Now, so-called booter and stressor services, which use commodity equipment to provide for-hire attacks, have adopted the technique. The company has identified almost 4,300 publicly reachable D/TLS servers that are susceptible to the abuse.

The biggest D/TLS-based attacks Netscout has observed delivered about 45Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207Gbps.

Skilled attackers with their own attack infrastructure typically discover, rediscover, or improve amplification vectors and then use them against specific targets. Eventually, word will leak into the underground through forums of the new technique. Booter/stressor services then do research and reverse-engineering to add it to their repertoire.
