Menu
Gaming services, hosting companies hit with new type of DDoS attack

Gaming services, hosting companies hit with new type of DDoS attack

Level 3 is warning it has seen a sudden spike in DDoS attacks using portmap

Gaming and hosting companies have been hit with a new kind of DDoS attack that could snowball without preventive steps, Level 3 Communications warned on Monday.

Attackers have figured out how to abuse portmap services that have been left openly accessible on the Internet, said Dale Drew, chief security officer for Level 3.

"We think it has the potential to be very, very bad," Drew said.

Portmap, also referred to as RPCbind, is an open-source utility for Unix systems but also is in Windows. It maps network port numbers to available services.

For example, portmap might be used if someone wants to mount a Windows drive from a Unix file system. Portmap would tell Unix where the drive is located and the right port number.

The problem is that many organizations have left portmap openly running on the Internet, allowing attackers to contact it, Drew said.

If portmap is queried, it can in some cases respond with a very large amount of data. Drew said the attackers are contacting open portmap servers, asking queries but then directing the responses to victim organizations. The UDP traffic overwhelms their networks, Drew said.

The method is referred to as a DDoS amplification attack. Depending on the query sent to portmap, the utility will send between seven to 27 times the traffic back -- or to a victim.

In December, attackers conducted devastating DDoS amplification attacks using remote code vulnerabilities in the network time protocol (NTP), which synchronizes clocks across computers.

The NTP DDoS attacks were some of the largest ever seen, Drew said. He thinks the portmap situation could rival the NTP problem, which is why Level 3 decided to go public with its findings.

About 1 million machines are running portmap open to the Internet, Level 3 found.

"We were very surprised to see how many Unix machines were running this [portmap] on the public Internet," Drew said.

The fix, Drew said, is easy: the portmap protocol should be filtered to be protected from the public Internet.

In the last few weeks, Level 3 has been watching the attackers refine their methods. The largest attacks occurred between Aug. 10 and 12, according to a blog post from Level 3.

Level 3 has a list of all the open portmap servers and has contacted its own customers that are running portmap. It has also sent the list to some ISPs so they can notify their customers to fix portmap.

Drew said he has an idea where the attackers are based, but Level 3 doesn't release attribution information since it may impact its ability to track them.

"We are watching how the bad guys react to that and if they evolve and change and modify," he said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags hosting companiesDDoS attacksecuritygaming servicesLevel 3 Communications

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments