Loop DoS: new threat on UDP protocol puts digital security at risk
300,000 systems exposed: how to deal with the innovative attack that exploits UDP vulnerabilities
CISPA has discovered a cyber attack, called Loop DoS, that targets systems using UDP and uses fake IP addresses to cause endless traffic between servers. Around 300,000 devices are at risk. Security patches and preventive measures are recommended to avoid it.
The CISPA Helmholtz Center for Information Security, a German institution, recently uncovered a novel cyber threat targeting systems that employ the User Datagram Protocol (UDP) for communication. Known as Loop DoS, this malicious technique can cause an endless dialogue between servers through the use of manipulated IP addresses, compromising the availability of the affected services. UDP's connectionless method of data transmission makes it an ideal candidate for this type of spoofing attack. Analysts estimate that up to 300,000 systems are exposed to risk due to this vulnerability.
Characteristics of the Loop DoS attack and its targets
The Loop DoS attack works by using spoofed IP addresses to set off uninterrupted communication between servers running vulnerable implementations of UDP-based protocols. The result is an incessant exchange of error messages that drains the resources of the systems involved. Common protocols subject to this attack include DNS, NTP and TFTP, as well as older ones such as QOTD, Chargen and Echo. Research shows that even modern protocols are susceptible, which broadens the scope of the attack.
The current context and possible solutions
Although approximately 300,000 potentially vulnerable hosts have been identified, there are currently no reported cases of actual attacks. A preliminary report has identified various hardware devices potentially at risk, including products from recognized brands such as Arris, Cisco and D-Link. Following the discoveries, specific vulnerabilities, such as CVE-2024-1309 for Honeywell devices, were communicated to manufacturers for investigation and fixes.
Prevention and mitigation strategies
To effectively combat Loop DoS, CERT/CC experts recommend promptly applying the security patches provided by the manufacturers, which neutralize the critical issues highlighted. Alternatively, they suggest replacing devices that no longer receive updates. Configuring advanced firewalls, adopting the TCP protocol and using request validation techniques are other valid preventive measures. Finally, implementing anti-spoofing and Quality of Service (QoS) policies further strengthens protection against potential Loop DoS attacks.
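The error-message loop and the request-validation measure described above, as an added illustration that is not code from CISPA, CERT/CC or any vendor. It is a Python model that runs entirely in memory: the "REQ"/"RESP"/"ERR" message format is a constructed toy and the handler names are hypothetical.

```python
# Added illustration: in-memory model only, no sockets and no real protocol.
# The "REQ"/"RESP"/"ERR" format is a constructed toy, not DNS, NTP or TFTP.
from collections import deque

MAX_DATAGRAMS = 1000  # safety cap so the looping case terminates


def vulnerable_handler(payload):
    """Answers anything that is not a request with an error message."""
    if payload.startswith("REQ "):
        return "RESP " + payload[4:]
    return "ERR unexpected input"  # replies even when the input is itself an error


def validating_handler(payload):
    """Request validation: only well-formed requests get any reply."""
    if payload.startswith("REQ "):
        return "RESP " + payload[4:]
    return None  # errors, responses and garbage are dropped silently


def simulate(handler_a, handler_b, first_payload):
    """Deliver one datagram to server A whose source address claims to be
    server B, then count the datagrams delivered until the wire is quiet."""
    handlers = {"A": handler_a, "B": handler_b}
    peer = {"A": "B", "B": "A"}
    wire = deque([("A", first_payload)])  # queue of (destination, payload)
    delivered = 0
    while wire and delivered < MAX_DATAGRAMS:
        dst, payload = wire.popleft()
        delivered += 1
        reply = handlers[dst](payload)
        if reply is not None:
            wire.append((peer[dst], reply))  # reply goes to the claimed source
    return delivered


if __name__ == "__main__":
    sample = "ERR constructed sample"  # constructed input
    print("both vulnerable:", simulate(vulnerable_handler, vulnerable_handler, sample))
    print("one validating: ", simulate(vulnerable_handler, validating_handler, sample))
    print("both validating:", simulate(validating_handler, validating_handler, sample))
```

A single validating endpoint is enough to break the loop in this model, which is why patching either side of a vulnerable pair helps.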
03/23/2024 09:51
Marco Verro