DTLS can amplify DDoS by 37 times


Netscout warns that the DTLS vector allows attackers to amplify DDoS traffic by a factor of 37.

The researchers found that criminals are using a relatively new vector for amplifying DDoS attacks: the Datagram Transport Layer Security (DTLS) protocol, which provides connection security for protocols using datagrams.

DTLS, like other UDP-based protocols, is susceptible to spoofing, which means it can be used as a DDoS amplification vector. That is, a hacker can send small DTLS packets to a DTLS-enabled device, and the response will be returned to the victim’s address in the form of a much larger packet.

"While an anti-spoofing mechanism was designed into DTLS from the outset, it was described in the relevant IETF RFCs as 'may', rather than 'must' in terms of implementation requirements. As a result, some DTLS implementations do not leverage this anti-spoofing mechanism by default and can thereby be abused to launch DTLS reflection/amplification DDoS attacks," Netscout experts said.
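The anti-spoofing mechanism referred to above is the stateless cookie exchange of RFC 6347 (the HelloVerifyRequest message). The Python model below is added here as an illustration and is not code from Netscout or the article; the datagram sizes are constructed, and the addresses are documentation ranges. It shows why a server that enforces the cookie cannot be used as an amplifier: a spoofed ClientHello only earns a response smaller than itself, while a genuine client that echoes the cookie still completes the handshake.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed datagram sizes for the model (bytes); not measurements from the article.
CLIENT_HELLO_LEN = 64     # attacker's minimal spoofed ClientHello
SERVER_FLIGHT_LEN = 2400  # ServerHello + Certificate + ServerKeyExchange + ServerHelloDone
HVR_FIXED_LEN = 28        # record and handshake headers, version and cookie length field

COOKIE_SECRET = os.urandom(32)  # a real server rotates this periodically


def make_cookie(secret: bytes, ip: str, port: int, client_random: bytes) -> bytes:
    """Stateless cookie per RFC 6347 section 4.2.1: an HMAC over the claimed source
    and ClientHello fields, so the server keeps no per-client state and a spoofer,
    who never sees the HelloVerifyRequest, cannot produce it."""
    return hmac.new(secret, f"{ip}:{port}".encode() + client_random, hashlib.sha256).digest()


@dataclass
class Response:
    kind: str                       # "HelloVerifyRequest" or "ServerFlight"
    size: int                       # bytes sent toward the claimed source address
    cookie: Optional[bytes] = None  # carried only by a HelloVerifyRequest


def handle_client_hello(ip, port, client_random, cookie, verify_cookies) -> Response:
    """Server side. With verification on, a ClientHello without a valid cookie gets a
    small HelloVerifyRequest; the large flight is sent only once the cookie is echoed."""
    if verify_cookies:
        expected = make_cookie(COOKIE_SECRET, ip, port, client_random)
        if cookie is None or not hmac.compare_digest(cookie, expected):
            return Response("HelloVerifyRequest", HVR_FIXED_LEN + len(expected), expected)
    return Response("ServerFlight", SERVER_FLIGHT_LEN)


def spoofed_amplification(verify_cookies: bool) -> float:
    """Bytes delivered to the victim per attacker byte for one spoofed ClientHello.
    The victim, not the attacker, receives any HelloVerifyRequest, so no cookie is ever echoed."""
    resp = handle_client_hello("203.0.113.10", 40000, os.urandom(32), None, verify_cookies)
    return resp.size / CLIENT_HELLO_LEN


def legitimate_handshake() -> bool:
    """A real client receives the HelloVerifyRequest, echoes the cookie and gets the full flight."""
    ip, port, rnd = "198.51.100.7", 51000, os.urandom(32)
    first = handle_client_hello(ip, port, rnd, None, True)
    second = handle_client_hello(ip, port, rnd, first.cookie, True)
    return first.kind == "HelloVerifyRequest" and second.kind == "ServerFlight"
```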

According to the experts, this amplification vector was previously used only by advanced attackers, but DTLS abuse has since become far more accessible, and a number of DDoS-for-hire services now offer it.


Experts have calculated that DTLS can amplify an attack by 37 times. The largest attacks seen by Netscout were at approximately 45 Gbps. Moreover, attackers combined DTLS with other amplification vectors, resulting in approximately 207 Gbps.

"Attacks consist of two or more separate vectors, organized in such a way as to hit the target with all of these vectors at the same time. Such multi-vector attacks are the online equivalent of a combined-arms attack, and their main idea is to crush the defenders, both in terms of attack power and making it as difficult as possible to mitigate it," the experts say.

Netscout reports that there are currently over 4,300 internet-facing servers vulnerable to this problem. In most cases the cause is misconfiguration or outdated software in which the anti-spoofing mechanism is disabled.

In particular, it was previously noted that Citrix Netscaler Application Delivery Controller devices are often vulnerable, although Citrix developers have already urged customers to upgrade to a newer version of the software, where anti-spoofing is enabled by default.

Let me remind you that Google revealed the most powerful DDoS attack in history.

By Vladimir Krasnogolovy
