Menu
Attackers increasingly abuse insecure routers and other home devices for DDoS attacks

Attackers increasingly abuse insecure routers and other home devices for DDoS attacks

New report shows that the number of attacks is on the rise

Attackers are taking advantage of home routers and other devices that respond to UPnP (Universal Plug and Play) requests over the Internet in order to amplify distributed denial-of-service attacks.

A report released Tuesday by cloud services provider Akamai Technologies shows that the number of DDoS attacks is on the rise. During the second quarter of 2015 it increased by 7 percent compared to the previous three months and by 132 percent compared to the same period last year, the company's data revealed.

Overall, attackers launched less powerful attacks, but their duration was longer. Even so, the company saw 12 attacks that exceeded 100Gbps during the second quarter and five that peaked at more than 50 million packets per second.

Very few organizations have the infrastructure necessary to deal with such attacks on their own. The largest one recorded during the second quarter across Akamai's Prolexic Routed network peaked at 214Mpps and was capable of disrupting high-end routers used by ISPs, the company said.

SYN floods and Simple Service Discovery Protocol (SSDP) reflection were the most popular DDoS vectors used, accounting for 16 percent and 15.8 percent of attacks respectively.

DDoS reflection is a technique where attackers send requests with a spoofed source IP (Internet Protocol) address to third-party computers, causing them to send responses to that address instead of the original sender. The spoofed IP address belongs to the intended victim.

If the original packets are smaller than the generated responses, the technique also has an amplification effect because it allows attackers to generate more traffic than their available bandwidth would normally allow, by reflecting it through other computers.

The amplification factor depends on the protocol used. Vulnerable Domain Name System (DNS) and Network Time Protocol (NTP) servers have repeatedly been abused in recent years to generate large DDoS attacks.

Attackers started using SSDP for DDoS reflection and amplification in the last quarter of 2014 and has since become one of their favorite techniques. Even though the protocol has a lower amplification factor than DNS or NTP, it has one major benefit: it's used by millions of vulnerable devices spread around the world that are unlikely to be patched.

SSDP is part of the Universal Plug and Play (UPnP) set of networking protocols that allows devices to discover each other and establish functional services without manual configuration.

The protocol is intended to be used inside small home and business networks, but there's a very large number of routers and other devices that are configured to respond to SSDP queries over the Internet, making them potential DDoS reflectors.

According to the Shadowserver Foundation, a volunteer organization that promotes Internet security, there are currently about 12 million IP addresses on the Internet that have an open SSDP service.

The SSDP reflection vector has not been subject to the same type of cleanup efforts as NTP and DNS because most of the exploited devices are consumer ones and not servers, Akamai's researchers said in the report.

Their owners are typically home users who are unlikely to realize that their devices are participating in attacks, they said. "Even if they do notice slowness in their networks, they may not have the expertise to troubleshoot, mitigate or detect the cause."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments