On November 9, 2018, researchers published an article describing a theoretically possible DDoS attack. The attack described is not a simple one: it relies on traffic amplification and reflection using the TFTP protocol. TFTP is related to the well-known FTP protocol but works more simply. Its use is usually limited to internal networks and diskless boot environments. However, the report's authors argue, and back up with evidence, that the protocol is used not only in these environments but in many others, where an attack would cause enormous damage.
TFTP runs on top of the widely used UDP protocol. UDP does not support authentication, which greatly simplifies the attack and makes it possible to spoof the source IP address of a request. Researchers at Edinburgh Napier University, in turn, published data according to which the amplification factor achieved through TFTP intermediaries can reach 60.
Such a high attack gain is backed by the fact that port scanning revealed almost 600 thousand servers that run TFTP and are publicly accessible due to incorrect configuration. Journalist and researcher Boris Ziklik commented on the discovery as follows: “The discovered vulnerability allows hackers to use these publicly accessible servers to enhance garbage traffic in the same way as with other DDoS with amplification, for example, with DNS-enhanced attacks. Under favorable circumstances, the original traffic can be increased to 60 times the volume.”
The research is supported by practice. Practice shows that in the majority of cases the transmission of a message is repeated up to 6 times, which in turn further strengthens the attack. The researchers also stated that the attack works both against specific targets and against hosts on their internal network.
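A defender-side check for the behaviour described above, as an added example that is not part of the original article: it scans captured TFTP packets for read transfers whose DATA block keeps being resent because the supposed requester never acknowledges it. UDP port 69 and the opcodes are standard TFTP (RFC 1350); the packet tuples, addresses, file name and `min_repeats` threshold are constructed assumptions, and `payload_ratio` counts UDP payload only, so it is not the factor quoted in the article.

```python
import struct
from collections import Counter

RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)

def find_unacked_transfers(packets, min_repeats=3):
    """Flag TFTP reads whose DATA block was resent with no ACK from the requester.
    packets: (src, sport, dst, dport, udp_payload) tuples in capture order."""
    sessions = {}  # (requester, requester_port, server) -> counters
    for src, sport, dst, dport, payload in packets:
        if len(payload) < 4:
            continue
        opcode, arg = struct.unpack("!HH", payload[:4])
        if opcode == RRQ and dport == 69:
            sessions[(src, sport, dst)] = {"req": len(payload), "resp": 0,
                                           "blocks": Counter(), "acks": 0}
        elif opcode == DATA and (dst, dport, src) in sessions:
            s = sessions[(dst, dport, src)]
            s["resp"] += len(payload)
            s["blocks"][arg] += 1  # arg is the DATA block number
        elif opcode == ACK and (src, sport, dst) in sessions:
            sessions[(src, sport, dst)]["acks"] += 1
    findings = []
    for (requester, _port, server), s in sessions.items():
        repeats = max(s["blocks"].values(), default=0)
        # A spoofed requester never ACKs, so the same block is sent again and again.
        if s["acks"] == 0 and repeats >= min_repeats:
            findings.append({"reflector": server, "likely_victim": requester,
                             "repeats": repeats,
                             # UDP payload bytes only, headers not counted
                             "payload_ratio": round(s["resp"] / s["req"], 1)})
    return findings

# Constructed sample capture (documentation addresses, hypothetical file name).
def rrq(name):
    return struct.pack("!H", RRQ) + name.encode() + b"\x00octet\x00"

def data(block, size=512):
    return struct.pack("!HH", DATA, block) + bytes(size)

def ack(block):
    return struct.pack("!HH", ACK, block)

SRV, PXE, SPOOFED = "198.51.100.5", "192.0.2.10", "203.0.113.7"
SAMPLE = [(PXE, 40000, SRV, 69, rrq("pxelinux.0")),
          (SRV, 50001, PXE, 40000, data(1)), (PXE, 40000, SRV, 50001, ack(1)),
          (SRV, 50001, PXE, 40000, data(2, 100)), (PXE, 40000, SRV, 50001, ack(2)),
          (SPOOFED, 53211, SRV, 69, rrq("pxelinux.0"))]
SAMPLE += [(SRV, 50002, SPOOFED, 53211, data(1))] * 6
print(find_unacked_transfers(SAMPLE))
```

The acknowledged boot-file transfer is ignored, while the transfer that was resent six times without an ACK is reported with the server as reflector and the requester address as the likely victim.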
There is no evidence that hackers have used this vulnerability yet, but it is only a matter of time. Based on this study, we recommend that you connect FLOWSPEC's DDoS protection. We have disabled the UDP protocol at the level of the top providers, so you do not have to worry about this type of DDoS attack. The performance of our protection also allows you to repel all possible DDoS attacks. You can read more about the parameters of protection against DDoS attacks from FLOWSPEC here.