Theoretical DDoS attack using TFTP protocol

Theoretical DDoSThe researchers published an article that described a theoretically possible DDoS attack. What has been described is not a simple attack, but with traffic amplification and reflection using the TFTP protocol.

Created at2018-12-10 10:10

 November 9, 2018, the researchers published an article that described a theoretically possible DDoS attack. What has been described is not a simple attack, but with traffic amplification and reflection using the TFTP protocol. TFTP is a well-known FTP protocol, but it works a little easier. Use of this protocol is usually limited to internal networks and diskless boot environments. However, reporters argue and support the assertions with evidence that this protocol is used not only in these structures, but also in many others, the attack on which will bring enormous damage.

The TFTP protocol is based on the widely accepted UDP protocol. As is well known, the UDP protocol does not support authentication, which greatly simplifies the attack, and suggests replacing the IP address of the source of the request. Researchers at Edinburgh University. Napier, in turn, published data according to which the gain using TFTP intermediaries can reach 60.

Such a high gain of attack is justified by the fact that port scanning revealed almost 600 thousand servers that work with TFTP and are in the public domain due to incorrect configuration. Journalist and researcher Boris Ziklik comments on the discovery in the following words: “The discovered vulnerability allows hackers to use these publicly accessible servers to enhance garbage traffic in the same way as with other DDoS with amplification, for example, with DNS-enhanced attacks. Under favorable circumstances, the original traffic can be increased to 60 times the volume."

Research supported by practice. Practice shows that the prevailing number of attacks repeat the transmission of a message up to 6 times, which in turn also contributes to strengthening the attack. The researchers also stated that the attack is good both against specific targets and against the objects of their internal network. 

There is no evidence that hackers have used this vulnerability yet, but it is only a matter of time.Based on this study, we recommend that you connect FLOWSPEC's DDoS protection. We have disabled the UDP protocol at the level of the top providers, which allows you not to worry about the possibility of this type of DDoS attack. The performance of our protection also allows you to repel all possible DDoS-attacks. You can read more about the parameters of protection against DDOS attacks from FLOWSPEC company here.

If you have any questions regarding our services, you can contact our technical support service in the following ways:

  •     Telegram;
  •     Jabber;
  •     E-mail;
  •     Ticket system;

Technical support is available 24/7.  

Statistics of new records DDoS attacks

Arbor Networks recently announced its 11th annual report. The report presented data on the security of the global networ..

How a DDoS attack can affect the performance and reputation of your project

 In view of the great competition in the IT market, it is not a secret to anyone that DDoS attack is today the simplest ..

DDoS attacks as a form of online protest

The Social Liberal Party of Democrats 66 in the Netherlands can legalize DDoS attacks, since they can be considered as a..