Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 21 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Corero Warns of Powerful New DDoS Attack Vector with Potential for Terabit-Scale DDoS Events

by The Gurus
October 26, 2016
in Editor's News
Share on FacebookShare on Twitter

Corero Network Security , a security solutions provider against DDoS attacks, has disclosed a significant new zero-day DDoS attack vector observed for the first time against its customers last week.  The new technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.
While Corero’s team of DDoS mitigation experts has so far only observed a handful of short but extremely powerful attacks against their protected customers originating from this vector; the technique has potential to inflict significant damage by leveraging an amplification factor seen at a peak of as much as 55x. Therefore, in terms of its potential scale, if combined with the Internet of Things botnet that was utilized in the recent 655 Gigabyte attack against Brian Krebs’s website, we could soon see new records broken in the DDoS attack landscape, with potential to reach tens of Terabits per second in size in the not too distant future.  The DDoS landscape has been extremely volatile in recent weeks, particularly with the release of the Mirai code and subsequent Mirai infected Internet of Things (IoT) devices, and we expect this trend to continue for the foreseeable future.
Dave Larson, CTO/COO at Corero Network Security, explains: “This new vector may represent a substantial escalation in the already dangerous DDoS landscape, with potential for events that will make recent attacks that have been making headlines seem small by comparison. When combined with other methods, particularly IoT botnets, we could soon see attacks reaching previously unimaginable scale, with far-reaching impact. Terabit scale attacks could soon become a common reality and could significantly impact the availability of the Internet– at least degrading it in certain regions.”
Reflection and amplification attacks
In this case, the attacker sends a simple query to a vulnerable reflector supporting the Connectionless LDAP service (CLDAP) and using address spoofing makes it appear to originate from the intended victim. The CLDAP service responds to the spoofed address, sending unwanted network traffic to the attacker’s intended target.
Amplification techniques allow bad actors to intensify the size of their attacks, because the responses generated by the LDAP servers are much larger than the attacker’s queries. In this case, the LDAP service responses are capable of reaching very high bandwidth and we have seen an average amplification factor of 46x and a peak of 55x.
Dave Larson explains: “LDAP is not the first, and will not be the last, protocol or service to be exploited in this fashion. Novel amplification attacks like this occur because there are so many open services on the Internet that will respond to spoofed record queries. However, a lot of these attacks could be eased by proper service provider hygiene, by correctly identifying spoofed IP addresses before these requests are admitted to the network. Specifically, following the best common practice, BCP 38, described in the Internet Engineering Task Force (IETF) RFC 2827, which describes router configurations that are designed to eliminate spoofed IP address usage by employing meaningful ingress filtering techniques, would reduce the overall problem of reflected DDoS by at least an order of magnitude.
“Today’s DDoS attacks are increasingly automated, meaning that attackers can switch vectors faster than any human can respond. The only effective defense against this type of DDoS attack vector requires automated mitigation techniques. Relying on out-of-band scrubbing DDoS protection to stop these attacks will cause significant collateral damage. Given the short duration and high volume attacks, legacy solutions simply cannot identify and properly mitigate in time to protect network availability.”

FacebookTweetLinkedIn
Tags: corero network securityCyberCyber SecurityDDoSkrebs
ShareTweetShare
Previous Post

Huawei addresses supply chain risks in new whitepaper

Next Post

Terabit-scale DDoS events are on the horizon

Recent News

Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023
TikTok to be banned from UK Government Phones

TikTok to be banned from UK Government Phones

March 17, 2023
New AT&T Cybersecurity USM Anywhere Advisors Service Helps to Establish and Maintain Threat Detection and Response Effectiveness

Should Your Organization Be Worried About Insider Threats?

March 17, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information