Distributed denial-of-service (DDoS) attacks are always changing, and there are enough open servers on the internet to enable huge amplification attacks.
Speaking to IT Security Guru, Gary Newe, senior systems engineering manager for UK, Ireland and South Africa at F5 Networks, said that volumetric attacks could be enabled by an attacker with a 3G-connected phone, but that it was now possible to launch a 300-400GB attack.
“Every router on the internet is an unsecured SNMP (Simple Network Management Protocol) server, and that is what is being targeted now,” he said. “A while ago I was at home and found that our router’s DNS settings had been changed and were redirecting the websites we were trying to access. We went on the forums and later found out that this had happened to a lot of people.
“We were clicking on websites and they redirected you to somewhere that you downloaded malware from, so it is a kind of ‘man in the browser’ attack.”
Speaking on SNMP attacks, Akamai security evangelist Martin McKeay said that this was the next DDoS attack vector he was worried about as it allows an attacker information to a log management system and, as many are not configured and pull in information, they could send information to any source.
“With SNMP you can look at 400-500 times amplification and there is a lot of information on servers that you can dump on a server, and the NTP protocol means you can send more services that ask for more information from NTP,” he said.