DDoS Attackers Have Found This New Trick to Knock Over Websites
upstart writes:
DDoS attackers have found this new trick to knock over websites:
Distributed denial of service (DDoS) attackers are using a new technique to knock websites offline by targeting vulnerable 'middleboxes', such as firewalls, to amplify junk traffic attacks.
Amplification attacks are nothing new and have helped attackers knock over servers with short bursts of traffic as high as 3.47 Tbps. Microsoft last year mitigated attacks on this scale that were the result of competition between online-gaming players.
But there's a new attack on the horizon. Akamai, a content distribution network firm, says it has seen a recent wave of attacks using "TCP Middlebox Reflection", referring to transmission control protocol (TCP) - a founding protocol for secured communications on the internet between networked machines. The attacks reached 11 Gbps at 1.5 million packets per second (Mpps), according to Akamai.
The amplification technique was revealed in a research paper last August, which showed that attackers could abuse middleboxes such as firewalls via TCP to magnify denial of service attacks. [...]
Most DDoS attacks abuse the User Datagram Protocol (UDP) to amplify packet delivery, generally by sending packets to a server that replies with a larger packet size, which is then forwarded to the attacker's intended target. The TCP attack takes advantage of network middleboxes that don't comply with the TCP standard. The researchers found hundreds of thousands of IP addresses that could amplify attacks by over 100 times utilizing firewalls and content filtering devices.
So, what was a theoretical attack just eight months ago is now a real and active threat.