Article 5WN6R DDoSers are using a potent new method to deliver attacks of unthinkable size

DDoSers are using a potent new method to deliver attacks of unthinkable size

by
Dan Goodin
from Ars Technica - All content on (#5WN6R)
evil-packet-800x480.jpg

Enlarge (credit: Getty Images)

Last August, academic researchers discovered a potent new method for knocking sites offline: a fleet of misconfigured servers more than 100,000 strong that can amplify floods of junk data to once-unthinkable sizes. These attacks, in many cases, could result in an infinite routing loop that causes a self-perpetuating flood of traffic. Now, content-delivery network Akamai says attackers are exploiting the servers to target sites in the banking, travel, gaming, media, and web-hosting industries.

These servers-known as middleboxes-are deployed by nation-states such as China to censor restricted content and by large organizations to block sites pushing porn, gambling, and pirated downloads. The servers fail to follow transmission control protocol specifications that require a three-way handshake-comprising an SYN packet sent by the client, an SYN+ACK response from the server, followed by a confirmation ACK packet from the client-before a connection is established.

This handshake limits the TCP-based app from being abused as amplifiers because the ACK confirmation must come from the gaming company or other target rather than an attacker spoofing the target's IP address. But given the need to handle asymmetric routing, in which the middlebox can monitor packets delivered from the client but not the final destination that's being censored or blocked, many such servers drop the requirement by design.

Read 19 remaining paragraphs | Comments

index?i=75IUyOiz7jA:DWParMHh01I:V_sGLiPB index?i=75IUyOiz7jA:DWParMHh01I:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments