{"id":2004,"date":"2013-05-02T12:16:08","date_gmt":"2013-05-02T16:16:08","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2004"},"modified":"2013-05-02T12:16:08","modified_gmt":"2013-05-02T16:16:08","slug":"aging-networking-protocols-abused-in-ddos-attacks","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/05\/02\/aging-networking-protocols-abused-in-ddos-attacks\/","title":{"rendered":"Aging networking protocols abused in DDoS attacks"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2036943\/aging-networking-protocols-abused-in-ddos-attacks.html\"><img decoding=\"async\" alt=\"\" src=\"http:\/\/nccomputertech.files.wordpress.com\/2013\/05\/security-100026749-gallery.jpg\" \/><\/a><\/p>\n<p>Aging networking protocols still employed by nearly every Internet-connected device are being abused by hackers to conduct distributed denial-of-service (DDoS) attacks.<br \/>\nSecurity vendor Prolexic found that attackers are increasingly using the protocols for what it terms \u201cdistributed reflection denial-of-service attacks\u201d (DrDos), where a device is tricked into sending a high volume of traffic to a victim\u2019s network.<br \/>\n\u201cDrDos protocol reflection attacks are possible due to the inherent design of the original architecture,\u201d Prolexic wrote in a white paper. \u201cWhen these protocols were developed, functionality was the main focus, not security.\u201d<br \/>\nGovernment organizations, banks and companies are targeted by DDoS attacks for a variety of reasons. Hackers sometimes use DDoS attacks to draw attention away from other mischief or want to disrupt an organization for political or philosophical reasons.<br \/>\nOne of the targeted protocols, known as Network Time Protocol (NTP), is used in all major operating systems, network infrastructure and embedded devices, Prolexic wrote. 
It is used to synchronize clocks among computers and servers.<br \/>\nA hacker can launch an attack against NTP by sending many requests for updates. By spoofing the origin of the requests, the NTP responses can be directed at a victim host.<br \/>\nIt appears the attackers are abusing a monitoring function in the protocol called NTP mode 7 (monlist). The gaming industry has been targeted by this style of attack, Prolexic said.<br \/>\nOther network devices, such as printers, routers, IP video cameras and a variety of other Internet-connected equipment, use an application layer protocol called Simple Network Management Protocol (SNMP).<br \/>\nSNMP communicates data about device components, Prolexic wrote, such as measurements or sensor readings. SNMP devices return three times as much data as when they\u2019re pinged, making them an effective way to attack. Again, an attacker will send a spoofed IP request to an SNMP host, directing the response to a victim.<br \/>\nProlexic wrote there are numerous ways to mitigate an attack. The best advice is to disable SNMP if it is not needed.<br \/>\nThe U.S. Computer Emergency Readiness Team warned administrators in 1996 of a potential attack scenario involving another protocol, Character Generator Protocol, or CHARGEN.<br \/>\nIt is used as a debugging tool since it sends data back regardless of the input. But Prolexic wrote that it \u201cmay allow attackers to craft malicious network payloads and reflect them by spoofing the transmission source to effectively direct it to a target. 
This can result in traffic loops and service degradation with large amounts of network traffic.\u201d<br \/>\nCERT recommended at that time to disable any UDP (User Datagram Protocol) service such as CHARGEN if it isn\u2019t needed.<br \/>\nvia <a href=\"http:\/\/www.pcworld.com\/article\/2036943\/aging-networking-protocols-abused-in-ddos-attacks.html\" target=\"_blank\">Aging networking protocols abused in DDoS attacks | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Aging networking protocols still employed by nearly every Internet-connected device are being abused by hackers to conduct distributed denial-of-service (DDoS) [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[259,268,453],"class_list":["post-2004","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-ddos-attack","tag-denial-of-service","tag-hackers"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-wk","jetpack-related-posts":[{"id":7924,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/31\/github-still-recovering-from-huge-ddos-attack-that-started-late-last-week\/","url_meta":{"origin":2004,"position":0},"title":"GitHub still recovering from huge DDoS attack that started late last week","author":"NCCT","date":"March 31, 2015","format":false,"excerpt":"Popular coding website GitHub was the target of a huge distributed denial of service (DDoS) attack that started late last week and ran through the better part of the weekend. 
Security researchers told The Wall Street Journal that the traffic was originally meant for Baidu, China\u2019s most popular search engine.\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7586,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/06\/sneaky-linux-malware-comes-with-sophisticated-custom-built-rootkit\/","url_meta":{"origin":2004,"position":1},"title":"Sneaky Linux malware comes with sophisticated custom-built rootkit","author":"NCCT","date":"February 6, 2015","format":false,"excerpt":"A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that\u2019s custom built for each infection. The malware, known as XOR.DDoS, was first spotted in September by security research outfit Malware Must Die. However, it has since evolved and new versions were\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9038,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/10\/03\/this-week-in-tech-582-whos-capping-who\/","url_meta":{"origin":2004,"position":2},"title":"This Week in Tech 582: Who&#8217;s Capping Who?","author":"NCCT","date":"October 3, 2016","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=PySBYqZ9RLk With Leo on Vacation, Becky Worley takes the big chair. We discuss predictions about Google's big event next week, Samsung's exploding washing machines, Elon Musk's plans for getting to Mars, women in tech, who should buy Twitter, and the next wave in DDOS attacks. 
\u2022On October 4th, Google will\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/PySBYqZ9RLk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7276,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/29\/sony-playstation-network-is-back-online-now-really\/","url_meta":{"origin":2004,"position":3},"title":"Sony: PlayStation Network is back online now, really","author":"NCCT","date":"December 29, 2014","format":false,"excerpt":"After giving gamers false hope on Saturday, Sony now says its PlayStation Network has been fully restored after a Christmas Day attack that knocked it offline for about three days. At around 1 a.m. U.S. Eastern Time on Sunday, Sony declared its online gaming platform fixed and, as it had\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3106,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","url_meta":{"origin":2004,"position":4},"title":"Attackers reported seeding cloud services with malware","author":"NCCT","date":"August 5, 2013","format":false,"excerpt":"LAS VEGAS -- Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week's Black Hat conference here. Traditionally, malware writers had distributed their malicious code from their own sites. 
But as security vendors get better\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8385,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/06\/04\/security-breaches-a-monthly-headache-for-firms-deliberate-targeting-on-the-rise-cost-of-cleaning-up-doubles\/","url_meta":{"origin":2004,"position":5},"title":"Security breaches a monthly headache for firms, deliberate targeting on the rise, cost of cleaning up doubles","author":"NCCT","date":"June 4, 2015","format":false,"excerpt":"Image: Wessel du Plooy\/iStock A growing number of companies are being subjected to increasingly sophisticated attacks on their systems, as the cost of recovering from these assaults continues to rocket. According to the 2015 Information Security Breaches Survey report commissioned by the UK government, 90 percent of large organisations reported\u2026","rel":"","context":"In 
&quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=2004"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2004\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=2004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=2004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=2004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}