Yet Another Denial Of Service Attack
Denial of Service attacks are a big deal now. Last week the attack against Dyn stopped people from accessing Twitter and hundreds of other busy web sites for hours.
These attacks, called denial of service or distributed denial of service (DDoS) attacks have many computers send a lot of data at a web server until it rolls over,sticks it’s little computer legs in the air and plays dead.
A critical part of these attacks is something called amplification. If I have a 1 megabit internet connection and can amplify that attack by a factor of 20, that 1 megabit connection can hit the target web site with 20 megabits (per second) of traffic. Multiply that by, say, 500,000 computers doing the attack and you can destroy a web site. If I have a 100 megabit Internet connection, the problem is 100 times bigger.
So the hackers keep trying to come up with more powerful amplification attacks, They have a new one. It uses CLDAP, a protocol computers use to authenticate users. Or destroy web servers.
The amplification factor for this attack was between 46 and 55, meaning that, on average, for every 1 character sent, the attack generated 46-55 bytes back to the site being attacked.
1 megabit of traffic from the attacker means at least 46 megabits of traffic that the site being attacked sees. And with these attackers controlling hundreds of thousands to millions of devices – including Internet of Things devices, that adds up to a lot of traffic.
Even if the server didn’t crash, the Internet service provider probably doesn’t have enough bandwidth, so they will take the server down by “blackholing” it, meaning that, at the very edge of the provider’s network, they will discard ALL traffic directed at the site being attacked. The attacker wins. They don’t have to kill the site, the Internet provider does that for them.
Many of – if not most of – these devices that the attackers are using to attack other sites are not configured correctly or do not have the current patches. It is critical that you change default passwords and update devices regularly.
As a result of this most recent attack, the feds are trying to figure out what ISPs can do, but you can likely be much more effective – if you take security of all of your devices – webcams, DVRs, web based doorbells, smart TVs, smart refrigerators – all of it, seriously.
We need your help!
Information for this post came from Softpedia.