Those Harder to Mitigate UPnP-Powered DDoS Attacks Are Becoming a Reality

Discussion in '0-day Release' started by silversurfer, Jun 28, 2018.

  1. silversurfer

    Security researchers are continuing to see DDoS attacks that leverage the UPnP features of home routers to alter network packets and make DDoS attacks harder to detect and mitigate with classic solutions.

    The UPnP port masking technique is a new one and was first detailed last month by security researchers from Imperva.

    Imperva staff reported that some DDoS botnets had started using the UPnP protocol found on home routers to bounce DDoS traffic off the router, but alter the traffic's source port to a random number.

    By changing the source (origin) port, older DDoS mitigation systems that relied on reading this information to block incoming attacks began failing left and right, allowing DDoS attacks to hit their intended targets.

    Newer DDoS mitigation systems that rely on deep packet inspection (DPI) are capable of detecting these types of attacks that use randomized source ports, but these are also more financially costly for users and operate more slowly, taking more time to detect and stop attacks.

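To illustrate the contrast drawn in the post above between source-port filtering and payload inspection, here is an added example (not part of the post or the quoted article) that runs both checks over constructed UDP datagrams. It assumes DNS as the reflected protocol and a defender-side set of outstanding query IDs; the post names neither, and all function names and sample values are hypothetical.

```python
import struct

AMPLIFIER_PORTS = {53, 123, 1900}  # DNS, NTP, SSDP: classic reflection source ports

def port_rule(src_port):
    """Legacy mitigation: flag UDP flood traffic by well-known source port only."""
    return src_port in AMPLIFIER_PORTS

def parse_dns_response(payload):
    """Return (txid, qname, ancount) if payload is a well-formed DNS response, else None."""
    if len(payload) < 12:
        return None
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if not (flags & 0x8000) or ((flags >> 11) & 0xF) != 0 or qd != 1 or an == 0:
        return None  # need QR=1, opcode QUERY, one question, at least one answer
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):
            return None  # pointer or truncated label inside the question name
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(payload):
        return None  # missing root label or QTYPE/QCLASS
    return txid, ".".join(labels), an

def payload_rule(payload, outstanding_txids):
    """DPI-style check: a DNS response nobody asked for, whatever port it arrived from."""
    parsed = parse_dns_response(payload)
    return parsed is not None and parsed[0] not in outstanding_txids

def make_response(txid, name=b"\x07example\x04test\x00"):
    # Constructed sample: header + question + one A record (name pointer to offset 12)
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + question + answer

def classify(datagrams, outstanding_txids):
    """Per datagram: (flagged by port rule, flagged by payload rule)."""
    return [(port_rule(p), payload_rule(d, outstanding_txids)) for p, d in datagrams]

SAMPLES = [  # constructed (src_port, payload) pairs
    (53, make_response(0x1111)),     # reflected response with the expected source port
    (41873, make_response(0x2222)),  # same payload, source port remapped to a random value
    (41874, make_response(0x3333)),  # reply to a query the protected host really sent
    (50000, b"\x00" * 40),           # unrelated UDP traffic
]
```

The second sample is the case the post describes: the port rule misses it, while the payload rule still flags it, at the cost of parsing every datagram.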