DTLS can amplify DDoS by 37 times

Vladimir Krasnogolovy
Vladimir Krasnogolovy
3 Min Read
Using DTLS amplify DDoS

Netscout warns that using of the DTLS vector allows hackers to amplify DDoS attacks by 37 times.

The researchers found that criminals are using a relatively new vector for amplifying DDoS attacks: the Datagram Transport Layer Security (DTLS) protocol, which provides connection security for protocols using datagrams.

DTLS, like other UDP-based protocols, is susceptible to spoofing, which means it can be used as a DDoS amplification vector. That is, a hacker can send small DTLS packets to a DTLS-enabled device, and the response will be returned to the victim’s address in the form of a much larger packet.

While an anti-spoofing mechanism was designed into DTLS from the outset, it was described in the relevant IETF RFCs as ‘may’, rather than ‘must’ in terms of implementation requirements. As a result, some DTLS implementations do not leverage this anti-spoofing mechanism by default and can thereby be abused to launch DTLS reflection/amplification DDoS attacks.Netscout experts told.

According to experts, earlier this vector of attack amplification was used only by advanced attackers, but now the use of DTLS has become more accessible and even a variety of services for DDoS attacks for hire offer it.

DTLS can amplify DDoS by 37 times

Experts have calculated that DTLS can amplify an attack by 37 times. The largest attacks seen by Netscout were at approximately 45 Gbps. Moreover, attackers combined DTLS with other amplification vectors, resulting in approximately 207 Gbps.

Attacks consist of two or more separate vectors, organized in such a way as to hit the target with all of these vectors at the same time. Such multi-vector attacks are the online equivalent of a combined-arms attack, and their main idea is to crush the defenders, both in terms of attack power and making it as difficult as possible to mitigate it.the experts say.

Netscout reports that there are currently over 4,300 servers on the network vulnerable to this problem. Most often, it is a misconfiguration and outdated software that disables anti-spoofing mechanisms.

In particular, it was previously noted that Citrix Netscaler Application Delivery Controller devices are often vulnerable, although Citrix developers have already urged customers to upgrade to a newer version of the software, where anti-spoofing is enabled by default.

Let me remind you that Google revealed the most powerful DDoS attack in history.

You Might Also Like

Credentials Theft is On The Rise

OAuth2 Session Hijack Vulnerability: Details Uncovered

Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds

Hackers attacked Microsoft Exchange servers of the European Banking Authority

Microsoft recommends Exchange administrators to disable SMBv1

TAGGED:
Share This Article
By Vladimir Krasnogolovy
Follow:
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Previous Article hackers have access to missile REvil spokesman boasts that hackers have access to ballistic missile launch systems
Next Article The Russian pleaded guilty Russian who tried to hack Tesla was pleaded guilty
Leave a comment

Stay Connected

Latest News

FakeBat Malware Exploits Google Search Ads, Again
FakeBat Loader is Back With New Tactics and Payload
Security News
Ivanti EPM RCE vulnerability fixed, patch now
RCE Vulnerability in Ivanti Endpoint Manager Uncovered, Patch Now
Security News
Hacker Uploads Data Leaked in MOVEit Breaches
Hacker Leaks Corporate Data Stolen in 2023 MOVEit Breaches
Security News
BBVA Bank Hacked, Data Posted on the Darknet Forum
Hacker Leaks BBVA Bank Data, Including User Details
Security News