Security researchers have discovered a new vector for DDoS amplification attacks – and it’s quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have discovered that the TFTP protocol (Trivial File Transfer Protocol) might be abused in a similar way. Unlike DNS and NTP, TFTP has no business being exposed on internet-facing systems. Yet port scanning research indicated that there about 599,600 publicly open TFTP servers.
View full story
ORIGINAL SOURCE: The Register