The use of news reflection and amplification Distributed Denial Of Service (DDoS) attacks that deliberately misuses communication protocols that come enabled on UPnP devices.
Simple Service Discovery Protocol (SSDP) is a part of UPnP protocols that comes enabled on millions of devices, such as router, webcams and printer, to discover each other and automatically establish communication and coordinate activities.
Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that devices are being co-opted into reflection and amplification DDoS attacks since July that abuse communication protocols enabled on UPnP devices.
"The rise of reflection attacks including UPnP devices in an example of how fluid and dynamic the DDoS crime ecosystem can be in identifying, developing and incorporating new resources attack vectors into its arsenal," The advisory states."Further Development and refinement of attack payloads and tools is likely in the near future".
The weakness in the universal Plug and Play (UPnP) standard could allow an attacker to compromise million of its consumer devices , which could be conscripted by them to launch a DDoS atatck on the target.
Attackers have found that Simple Object Access Protocol (SOAP) can be crafted to elicit a response that reflects and amplifies packet, which can be redirected towards a target.
Post a Comment