Network Security Firm Corero Warns Of Impending 'Tens Of Terabits Per Second' DDoS Attacks

Status
Not open for further replies.

Communism

Distinguished
Mar 1, 2011
7
0
18,510
0
Aka, the network equipment manufacturing cartels' price fixing of network infrastructure is screwing us all over massively.

But sure, blame the player, never blame the game :p

Game blamers are unpatriotic terrorists :p
 

bit_user

Splendid
Herald
LDAP is a widely used protocol for accessing username and password information in directories such as Microsoft’s Active Directory, which is found on all Windows-based servers. Corero said it has only seen a few short attacks testing this technique against some of its customers so far.

The attacker launches the attack by sending Connectionless LDAP (CLADP) service simple queries, which then generate much larger responses (in terms of bandwidth) from the CLDAP servers. Corero saw an average amplification between 46x-55x for the data sent back compared to the original query sent by the attacker.

When the attackers send the initial query, they spoof their own addresses to match that of the target. The CLDAP servers’ large responses go to the target, thus causing a DDoS attack against the target.
Is it common to have LDAP servers accessible on the public internet? For this to work, attackers would have to amass a list of 50 Tbps worth of accessible LDAP servers. I wonder if the reality might be that the IoT botnet would have more aggregate bandwidth than the LDAP servers, making this exploit largely moot.

Perhaps that's why they revealed it.
 


One of their major uses is internet directory and I'd imagine it isn't difficult to hit huge numbers with such servers because they need high bandwidth for their functions.

Securing them decently isn't difficult and the lack of security is a farce. It's literally as simple as following the standards!
 

Christopher1

Distinguished
Aug 29, 2006
652
0
19,010
5
Easy answer to this bullshit: Null-route the ENTIRE ISP that is having these attacks being done from the computers of their customers until they contact whichever customer is doing the attacks and tell them that bad stuff is being done with their computers.
Yes it is a harsh line to take but it is the proper line to take in my opinion as a person knowledgeable in network infrastructure and computer security.
 

bit_user

Splendid
Herald
Pretty much, but it's harder to do with write amplification because the address of the bot gets obscured.

But I agree that ISPs need to filter this crap close to the source. And backbone providers should block ISPs that fail to cooperate.

Of course, this sort of network censorship can also be abused to block valid traffic... That's the bigger concern, IMO.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS

Latest posts