By Brian Prince on October 16, 2014
Researchers at Akamai Technologies have issued a warning about a spate of distributed denial-of-service attacks being launched via Universal Plug and Play (UPnP) devices.
According to Akamai's Prolexic Security Engineering & Response Team (PLXsert), there has been a spike in reflection and amplification distributed denial-of-service (DDoS) attacks since July that abuse communications protocols that come enabled on UPnP devices such as routers, webcams and printers.
The Simple Service Discovery Protocol (SSDP) is part of the UPnP protocol standard and comes enabled on millions of devices to allow them to discover each other on the network, establish communication and coordinate activities. According to the advisory, attackers have been leveraging SSDP to launch attacks that amplify and reflect traffic to their targets.
The potential of the tactic is significant - PLXsert found 4.1 million Internet-facing UPnP devices that could be used in this type of reflection DDoS attack.
"The rise of reflection attacks involving UPnP devices in an example of how fluid and dynamic the DDoS crime ecosystem can be in identifying, developing and incorporating new resources and attack vectors into its arsenal," the advisory states. "Further development and refinement of attack payloads and tools is likely in the near future."
Full Article
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.