IT Security Guru

SNMP amplification could allow major DDoS attack sizes

by The Gurus
July 8, 2014
in Editor's News

The next distributed denial-of-service (DDoS) vector to be concerned about is SNMP (Simple Network Management Protocol) amplification attacks.
 
Speaking to IT Security Guru, Akamai security evangelist Martin McKeay said that this was the next DDoS attack vector he was worried about as it allows an attacker information to a log management system and, as many are not configured and pull in information, they could send information to any source.
 
“With DNS you look at a 20-50 amplification, with NTP it is 1-20 times amplification. But with SNMP you can look at 400-500 times amplification and there is a lot of information on servers that you can dump on a server, and the NTP protocol means you can send more services that ask for more information from NTP,” he said.
 
Corero Network Security chief executive Ashley Stephenson said that, with SNMP, theoretically you can request larger packets to be sent so technically this was true. But he said that you have to find enough vulnerable servers to manipulate. “DNS has some amplification techniques that you can leverage and you don’t often find servers with recursions exposed,” he said.
 
“The reason NTP became so popular is because there are millions of NTP servers on the internet that are not behind firewalls as they are doing their job and have had amplification up to 1,000 open, and it is the number of sources they can open. With SNMP once you get a hundred you are up and running with the attack but with the time you spent searching for servers, it could be better spent looking for service bots.”
 
Darren Anstee, director of solutions architects at Arbor Networks, said that there are (unfortunately) quite a few protocols that can be used to amplify the size of DDoS attacks, with NTP and DNS being the most well known of these. “In fact, NTP reflection was probably responsible for the most concentrated burst of large Volumetric DDoS attacks ever seen on the Internet through February and March this year,” he said.
 
He acknowledged that SNMP is one of many protocols which can be used for amplification attacks and there are a lot of exploitable devices available to attackers, and the amplification factor for SNMP can be considerable (higher than DNS and comparable to NTP) if the attackers know what they are doing.
 
“SNMP reflection attacks are becoming more common at the moment, although we aren’t yet seeing them in anything like the numbers we are seeing DNS and NTP reflection attacks, and there is scope for very large attacks to be generated; the largest we have seen so far this year though is at 18.6Gb/sec (much smaller than the large NTP and DNS reflection attacks we have seen).”
 
Danny McPherson, senior vice president and chief security officer at Verisign, said that time will tell how large a threat this vector is, but it is definitely something we are watching closely as well. “SNMP is another common UDP protocol used for network management that we will see targeted more and more for amplification attacks due to their availability – several types of network devices come with SNMP ‘on’ by default – and high amplification ability,” he said.

Tags: attack, DDoS, DNS