Web Censorship Systems Can Facilitate Massive DDoS Attacks - silversurfer - 23 August 21
Quote:Researchers are warning internet censorship systems are ripe for abuse by a new type of distributed denial of service (DDoS) attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be “extremely detrimental to any network” if carried out.
Netscout, which detailed the attack vector, dubbed the type of DDoS attack a Middlebox HTTP Reflection/Amplification (MBHTTP) misconfiguration vulnerability. They say attacks can produce DDoS volumes as high as a 700,000 to 1 amplification factor.
The type of attack is a HTTP Reflection/Amplification, meaning an attacker can both magnify the amount of malicious traffic they generate while obscuring the sources of the attack traffic. An HTTP-based DDoS attack sends junk HTTP requests to a target’s server tying up resources and locking out users from using a particular site or service.
Along with the risk of systems leveraged in massive DDoS attacks the censorship systems themselves would also be crippled, with traffic analysis tools knocked offline and permitted traffic blocked, according to researchers.
Netscout credits a joint team of researchers from the University of Maryland and the University of Colorado Boulder for identifying the widespread configuration vulnerability. Netscout estimates that 200 million IP addresses can potentially be abused to launch attacks of this kind.
“Tens of millions of these devices are exposed and vulnerable to abuse from adversaries and approximately 18 million of these provide at least a 2:1 amplification factor, resulting in one of the most prolific types of reflectors/amplifiers available to adversaries,” wrote Roland Dobbins and Steinthor Bjarnason in a technical analysis posted Friday.
Read more: Web Censorship Systems Can Facilitate Massive DDoS Attacks
|