Protocol found in webcams and DVRs is fueling a new round of big DDoSes
Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.
The technique abuses WS-Discovery, a protocol that a wide array of network devices use to automatically connect to one another. Often abbreviated as WSD, the protocol lets devices send User Datagram Protocol (UDP) packets over port 3702 that describe the device capabilities and requirements. Devices that receive the probes can respond with replies that can be tens to hundreds of times bigger. WSD has shipped with Windows since Vista and is one of the ways the operating system automatically finds network-based printers.
IoT strikes again
The WSD specification calls for probes and responses to be restricted to local networks, but over the past few months, researchers and attackers have started to realize that many Internet-of-things devices allow devices to send probes and responses over the Internet at large. The result: these improperly designed devices have become a vehicle capable of converting modest amounts of malicious bandwidth into crippling torrents that take down websites. Depending on the device, responses can be anywhere from seven to 153 times bigger, an amplification that puts WSD among the most powerful techniques for amplifying distributed denial of service attacks.
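For defenders, the local-only rule described above can be checked against border flow logs. The following is an added example, not part of the original article: it flags local devices that answered UDP port 3702 traffic from non-local peers and computes the byte amplification each one produced. The flow record layout, the 10.0.0.0/8 local range, the function names and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

WSD_PORT = 3702  # UDP port the article names for WS-Discovery

# Assumption: the address ranges that count as "local" for this site.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,41000,10.0.0.20,3702,udp,180
10.0.0.20,3702,198.51.100.7,41000,udp,19800
10.0.0.5,50000,10.0.0.21,3702,udp,200
10.0.0.21,3702,10.0.0.5,50000,udp,1400
203.0.113.9,53000,10.0.0.22,3702,udp,170
"""

def is_local(addr, nets=LOCAL_NETS):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def exposed_wsd_devices(flow_text, nets=LOCAL_NETS):
    """Return local devices that sent WSD replies to non-local peers."""
    probes = defaultdict(int)   # bytes of outside probes, per local device
    replies = defaultdict(int)  # bytes leaving from port 3702, per local device
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6 or row[4].lower() != "udp":
            continue  # skip blank, malformed or non-UDP records
        src, sport, dst, dport, _, size = row
        src_local, dst_local = is_local(src, nets), is_local(dst, nets)
        if int(dport) == WSD_PORT and dst_local and not src_local:
            probes[dst] += int(size)
        elif int(sport) == WSD_PORT and src_local and not dst_local:
            replies[src] += int(size)
    report = {}
    for device, out_bytes in replies.items():
        in_bytes = probes.get(device, 0)
        # Factor is None when the sensor never saw the triggering probe.
        factor = round(out_bytes / in_bytes, 1) if in_bytes else None
        report[device] = {"probe_bytes": in_bytes,
                          "reply_bytes": out_bytes, "factor": factor}
    return report

if __name__ == "__main__":
    for device, stats in exposed_wsd_devices(SAMPLE_FLOWS).items():
        print(device, stats)
```

Only devices that actually replied across the boundary are reported; a device that received an outside probe but stayed silent, or that answered only local peers, is not listed.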