
SoylentNews is people

posted by janrinok on Wednesday September 18 2019, @08:55PM
from the ask-a-little-get-a-lot dept.

Submitted via IRC for SoyCow2718

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck

One of the trickiest things about stopping DDoS attacks is that hackers constantly develop new variations on familiar themes. Take a recent strike against an unnamed gaming company, which used an amplification technique to turn a relatively tiny jab into a digital haymaker.

On Wednesday, researchers from Akamai's DDoS mitigation service Prolexic detailed a 35 gigabit per second attack against one of its clients at the end of August. Compared to the most powerful DDoS attacks ever recorded, which have topped 1 terabit per second, that might not sound like a lot. But the attackers used a relatively new technique—one that can potentially yield a more than 15,000 percent rate of return on the junk data it spews at a victim.

The new type of attack feeds on vulnerabilities in the implementation of the Web Services Dynamic Discovery protocol. WS-Discovery lets devices on the same network communicate, and can direct them all to ping one location or address with details about themselves. It's meant to be used internally on local access networks, not the rollicking chaos monster that is the public internet. But Akamai estimates that as many as 800,000 devices exposed on the internet can receive WS-Discovery commands. Which means that by sending "probes," a kind of roll-call request, you can generate and direct a firehose of data at targets.

Attackers can manipulate WS-Discovery by sending these specially crafted malicious protocol requests to vulnerable devices like CCTV cameras and DVRs. And because WS-Discovery is built on a network communication protocol known as User Datagram Protocol, the probes can spoof their IP address to make it look like the request came from a target's network. It's a bait and switch; the devices that receive the commands will send their unwanted replies to the DDoS target instead of the attacker.

[...] The spoofing enabled by UDP makes it difficult for defenders to see exactly what commands attackers send in any specific reflection DDoS. So the Akamai researchers don't know specifically what was in the tailored packets hackers sent to trigger the attack on the gaming client. But in its own research, the Akamai team was able to craft smaller and smaller exploits that would generate larger and larger attacks. Criminal hackers are likely not far behind. The Akamai researchers also point out that if botnet operators start automating the process of generating WS-Discovery DDoS attacks, the barrages will crop up even more. Mursch says he sees evidence that's already happening.
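
An added example, not part of the original article or Akamai's research: from the receiving side, the reflection described above appears as UDP replies from source port 3702 (the standard WS-Discovery port, which the article does not name) arriving at a host that never sent a probe. The flow-record layout, the addresses, and the `min_reflectors` threshold are constructed assumptions.

```python
from collections import defaultdict

WSD_PORT = 3702  # standard UDP port for WS-Discovery

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("udp", "192.0.2.10", 51000, "198.51.100.7", 3702, 180),   # local host probes a device
    ("udp", "198.51.100.7", 3702, "192.0.2.10", 51000, 1400),  # solicited reply to that probe
    ("udp", "203.0.113.5", 3702, "192.0.2.20", 80, 2900),      # unsolicited replies ...
    ("udp", "203.0.113.6", 3702, "192.0.2.20", 80, 3100),
    ("udp", "203.0.113.7", 3702, "192.0.2.20", 80, 2800),
    ("udp", "203.0.113.8", 53, "192.0.2.20", 40000, 120),      # unrelated DNS traffic
]


def find_reflection_targets(flows, min_reflectors=3):
    """Return {victim_ip: (reflector_count, total_bytes)} for hosts receiving
    unsolicited WS-Discovery replies from at least min_reflectors sources."""
    # Pass 1: record every probe actually sent, keyed so a reply can be matched.
    solicited = set()
    for proto, src, sport, dst, dport, _ in flows:
        if proto == "udp" and dport == WSD_PORT:
            solicited.add((src, sport, dst))

    # Pass 2: collect replies from port 3702 that answer no recorded probe.
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for proto, src, sport, dst, dport, nbytes in flows:
        if proto != "udp" or sport != WSD_PORT:
            continue
        if (dst, dport, src) in solicited:
            continue  # legitimate answer to a local discovery request
        reflectors[dst].add(src)
        volume[dst] += nbytes

    return {
        ip: (len(srcs), volume[ip])
        for ip, srcs in reflectors.items()
        if len(srcs) >= min_reflectors
    }


if __name__ == "__main__":
    for victim, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{victim}: {count} reflectors, {total} bytes of unsolicited WS-Discovery replies")
```

Because the probes carry a spoofed source address, this view identifies the reflecting devices and the target, not the sender of the probes.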


  • (Score: 2) by hendrikboom (1125) on Thursday September 19 2019, @04:30PM (#896139)

    I was once receiving packets from outside with an outside source IP number and an outside destination IP number. I complained to my ISP, who told me that this was impossible and those packets must have originated within my system. This despite them coming in through my DSL line.

    Never found out what was going on.

    -- hendrik
