Researchers have disclosed a nasty new way for bad people to mess up the internet for the rest of us. Theyâve found a fantastically powerful reflective-amplification attack technique that could easily be used for distributed denial of service (DDoS).
Youâll be pleased to know the researchers havenât wasted their time dreaming up a fancy name or a logo. On the other hand, theyâre far from hopeful that the problems can be fixed.
Nation-states would have to fix their firewalls, which ainât gonna happen. In todayâs SB Blogwatch, this is why we canât have nice things.
Your humble blogwatcher curated these bloggy bits for your entertainment.
âInfiniteâ Amplification Ahoy
Whatâs the craic? Catalin Cimpanu reportsââFirewalls and middleboxes can be weaponized for gigantic DDoS attacksâ:
Weaponizing this attack is relatively simpleâ
Academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks. ⊠The research is the first of its kind to describe a method to carry out DDoS reflective amplification attacks via the TCP protocol, previously thought to be unusable for such operations.
âŠ
Reflective amplificationââŠâhappens when an attacker sends network packets to a third-party server on the internet, the server processes and creates a much larger response packet, which it then sends to a victim instead of the attacker. ⊠The amplification factor for these TCP-based attacks is also far larger than UDP protocols, making TCP protocol abuse one of the most dangerous forms ofââŠâDDoS.
âŠ
The flaw they found was in the design of middleboxes, which are equipment installed inside large organizations that inspect network traffic. ⊠If the attacker tried to access a forbidden website, then the middlebox would respond with a âblock page,â which would typically be much larger than the initial packetâhence an amplification effect. ⊠Weaponizing this attack is relatively simple.
Distributed Denial of Service (DDoS) Attacks: Classification, Attacks, Challenges and Countermeasures