Top Banner
A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification attacks was reported in October 2016 by Corero Network Security 1 . Reflection-amplification attacks are not a new DDoS trend, but new attack vectors emerge all the time. Attackers continue to exploit decades-old protocols in an effort to achieve stronger amplification, enabling them to inflict greater damage. 1 https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector- with-potential-for-terabit-scale-ddos-events/
7

A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

Mar 31, 2019

Download

Documents

hoangxuyen
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

A new DDoS attack vector that leverages Lightweight Directory

Access Protocol (LDAP) for reflection-amplification attacks was

reported in October 2016 by Corero Network Security1.

Reflection-amplification attacks are not a new DDoS trend, but

new attack vectors emerge all the time. Attackers continue to

exploit decades-old protocols in an effort to achieve stronger

amplification, enabling them to inflict greater damage.

1 https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector-

with-potential-for-terabit-scale-ddos-events/

Page 2: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 3: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 4: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 5: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

2 https://www.us-cert.gov/ncas/alerts/TA14-017A

Page 6: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

Rank

Protocol

Amplification Factor

1 NTP 556.9

2 CharGEN 358.8

3 QOTD 140.3

4 RIPv1 131.24

5 Quake Network Protocol 63.9

6 LDAP 46 – 55

7 DNS 28 – 54

8 SSDP 30.8

9 Portman (RCPbind) 7 – 28

10 Kad 16.3

11 Multicast DNS (mDNS) 2 – 10

12 SNMPv2 6.3

13 Stream Protocol 5.5

14 NetBIOS 3.8

15 BitTorrent 3.8