March 18, 2021 01:00 pm

4,300 Publicly Reachable Servers Are Posing a New DDoS Hazard To the Internet

An anonymous reader quotes a report from Ars Technica: DDoS mitigation provider Netscout said on Wednesday that it has observed DDoS-for-hire services adopting a new amplification vector. The vector is the Datagram Transport Layer Security, or D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets. Just as TLS prevents eavesdropping, tampering, or forgery of TLS packets, D/TLS does the same for UDP data. DDoSes that abuse D/TLS allow attackers to amplify their attacks by a factor of 37. Previously, Netscout saw only advanced attackers using dedicated DDoS infrastructure abusing the vector. Now, so-called booter and stressor services -- which use commodity equipment to provide for-hire attacks -- have adopted the technique. The company has identified almost 4,300 publicly reachable D/TLS servers that are susceptible to the abuse. The biggest D/TLS-based attacks Netscout has observed delivered about 45Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207Gbps. [...] The 4,300 abusable D/TLS servers are the result of misconfigurations or outdated software that causes an anti-spoofing mechanism to be disabled. While the mechanism is built in to the D/TLS specification, hardware including the Citrix Netscaler Application Delivery Controller didn't always turn it on by default. Citrix has more recently encouraged customers to upgrade to a software version that uses anti-spoofing by default. Besides posing a threat to devices on the Internet at large, abusable D/TLS servers also put organizations using them at risk. Attacks that bounce traffic off one of these machines can create full or partial interruption of mission-critical remote-access services inside the organization's network. Attacks can also cause other service disruptions.
Netscout's Hummel and Dobbins said that the attacks can be challenging to mitigate because the size of the payload in a D/TLS request is too big to fit in a single UDP packet and is, therefore, split into an initial and non-initial packet stream.
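
A simplified model of the anti-spoofing mechanism mentioned above (the DTLS HelloVerifyRequest cookie exchange from RFC 6347), added here as an example; it is not code from Ars Technica, Slashdot, Netscout or Citrix. Message contents, sizes, addresses and function names are constructed for illustration, and this is not a DTLS implementation.

```python
import hashlib
import hmac

# Constructed sizes for the model: a 100-byte ClientHello and a server flight
# sized to give the 37x ratio quoted in the article. Real sizes vary.
CLIENT_HELLO = b"\x01" * 100
SERVER_FLIGHT = b"\x02" * (37 * len(CLIENT_HELLO))


def make_cookie(secret: bytes, src: tuple, hello: bytes) -> bytes:
    """Stateless cookie bound to the sender's address and its ClientHello."""
    msg = f"{src[0]}:{src[1]}".encode() + b"|" + hello
    return hmac.new(secret, msg, hashlib.sha256).digest()


def respond(secret, src, hello, cookie=b"", verify=True) -> bytes:
    """Bytes the server sends to `src` for one incoming ClientHello."""
    if not verify:
        return SERVER_FLIGHT  # misconfigured: full flight to an unproven address
    expected = make_cookie(secret, src, hello)
    if cookie and hmac.compare_digest(cookie, expected):
        return SERVER_FLIGHT  # sender proved it receives traffic at src
    return b"HVR" + expected  # small HelloVerifyRequest stand-in, no state kept


def amplification(request: bytes, response: bytes) -> float:
    return len(response) / len(request)


def demo(secret: bytes = b"constructed-demo-secret") -> dict:
    # A real server would use a random, periodically rotated secret.
    victim = ("198.51.100.7", 40000)   # documentation-range addresses
    sender = ("203.0.113.9", 40000)
    # Forged source, verification off: the victim receives the whole flight.
    off = amplification(CLIENT_HELLO,
                        respond(secret, victim, CLIENT_HELLO, verify=False))
    # Forged source, verification on: the victim receives only the cookie message.
    on = amplification(CLIENT_HELLO, respond(secret, victim, CLIENT_HELLO))
    # A cookie issued to one address does not validate for another address.
    own_cookie = respond(secret, sender, CLIENT_HELLO)[3:]
    replay = respond(secret, victim, CLIENT_HELLO, cookie=own_cookie)
    # A legitimate client echoes its own cookie and gets the full flight.
    legit = respond(secret, sender, CLIENT_HELLO, cookie=own_cookie)
    return {"off": off, "on": on, "replay_blocked": replay != SERVER_FLIGHT,
            "legit_ok": legit == SERVER_FLIGHT}


if __name__ == "__main__":
    print(demo())
```

With verification enabled, the reply to an unverified address is smaller than the request, so the server stops being useful as a reflector while legitimate clients pay one extra round trip.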



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/u6OncPLfzOU/4300-publicly-reachable-servers-are-posing-a-new-ddos-hazard-to-the-internet
