May 27, 2022
TCP Based DDoS Reflection Amplification Attack Pose A Serious Threat

Analysts have demonstrated the functioning of a  new DDoS attack vector. It is capable of amplifying attacks 1000x or more. This research, which uses TCP protocols to perform DDoS reflection amplification attacks, is the first in this field.

DDoS Reflection Amplification Description

DDoS assaults were first recorded in the early 2000s and were used to overload a victim’s hosting infrastructure using malicious packets.

The tactics used to perform DDoS assaults have evolved throughout time. The DDoS reflection amplification assault was one of the most hazardous tactics.

Using an intermediate point, attackers can efficiently mirror and magnify traffic towards the infrastructure of the victim.

The greatest vectors for this type of attack are servers executing UDP-based protocols like DNS, SNMP, NTP, NetBIOS, and CoAP.

TCP-Based Attack Description

To make things worse, according to a group of scientists, network middleboxes such as load balancers, Network Address Translators (NATs), firewalls, and Deep Packet Inspection (DPI) boxes may be used to conduct more complex DDoS reflection amplification assaults.

They discovered a vulnerability in middlebox architecture that threat actors can exploit to transmit an incorrect TCP packet sequence.

Adult material, social networking, gambling, and file-sharing domains were discovered to be possible vectors for the novel TCP-based DDoS reflection amplification assault throughout the investigation.

Issues Of Concern

The attack vector is yet to be deployed on the internet. Even then, the researchers say that TCP-based assaults are considerably more powerful than the initial attacks which are UDP-based reflection amplification attacks.

200M IPv4 addresses relating to networking middleboxes are susceptible to the new type of DDoS assault, according to the study team.

Final Notes

Researchers have alerted middlebox suppliers in a number of nations that are expected to be targeted in the near future. These include sellers in Egypt, China, Iran, India, Qatar, Oman, Saudi Arabia, Russia, the U.S., and the U.A.E. Based on the data, researchers concluded that dealing with this attack vector needs more than firmware updates. This involves updating the settings of the middleboxes on the networks where they are deployed.

Leave a Reply

Your email address will not be published.