Network Security Firm Corero Warns Of Impending 'Tens Of Terabits Per Second' DDoS Attacks

[Lucian Armasu]

Corero, a network security firm, warned that in the not too distant future we might see "tens of terabit per second" DDoS attacks created with vulnerable IoT devices and innovative techniques that can amplify the attacks by orders of magnitude.

Network Security Firm Corero Warns Of Impending 'Tens Of Terabits Per Second' DDoS Attacks : Read more

 

[AJSB]

Test

 

[DookieDraws]

Oh, no! Not again!

 

[Communism]

Aka, the network equipment manufacturing cartels' price fixing of network infrastructure is screwing us all over massively.

But sure, blame the player, never blame the game

Game blamers are unpatriotic terrorists

 

[bit_user]

LDAP is a widely used protocol for accessing username and password information in directories such as Microsoft’s Active Directory, which is found on all Windows-based servers. Corero said it has only seen a few short attacks testing this technique against some of its customers so far.

The attacker launches the attack by sending Connectionless LDAP (CLADP) service simple queries, which then generate much larger responses (in terms of bandwidth) from the CLDAP servers. Corero saw an average amplification between 46x-55x for the data sent back compared to the original query sent by the attacker.

When the attackers send the initial query, they spoof their own addresses to match that of the target. The CLDAP servers’ large responses go to the target, thus causing a DDoS attack against the target.

Is it common to have LDAP servers accessible on the public internet? For this to work, attackers would have to amass a list of 50 Tbps worth of accessible LDAP servers. I wonder if the reality might be that the IoT botnet would have more aggregate bandwidth than the LDAP servers, making this exploit largely moot.

Perhaps that's why they revealed it.

 

[blazorthon]

Is it common to have LDAP servers accessible on the public internet? For this to work, attackers would have to amass a list of 50 Tbps worth of accessible LDAP servers. I wonder if the reality might be that the IoT botnet would have more aggregate bandwidth than the LDAP servers, making this exploit largely moot.

Perhaps that's why they revealed it.

One of their major uses is internet directory and I'd imagine it isn't difficult to hit huge numbers with such servers because they need high bandwidth for their functions.

Securing them decently isn't difficult and the lack of security is a farce. It's literally as simple as following the standards!

 

[jabliese]

I thought the record breaking DDOS attacks already were using some form of amplification, if not LDAP, throwing off your math?

 

[Christopher1]

Easy answer to this bullshit: Null-route the ENTIRE ISP that is having these attacks being done from the computers of their customers until they contact whichever customer is doing the attacks and tell them that bad stuff is being done with their computers.
Yes it is a harsh line to take but it is the proper line to take in my opinion as a person knowledgeable in network infrastructure and computer security.

 

[bit_user]

Easy answer to this bullshit: Null-route the ENTIRE ISP that is having these attacks being done from the computers of their customers until they contact whichever customer is doing the attacks and tell them that bad stuff is being done with their computers.

Pretty much, but it's harder to do with write amplification because the address of the bot gets obscured.

But I agree that ISPs need to filter this crap close to the source. And backbone providers should block ISPs that fail to cooperate.

Of course, this sort of network censorship can also be abused to block valid traffic... That's the bigger concern, IMO.