Second white paper in the DrDoS Attacks series: SNMP, NTP and CHARGEN attacks

Originally published: April 30, 2013


Cyber criminals targeting a vast array of industries are exploiting common protocols to launch Distributed Reflection Denial of Service (DrDoS) attacks. Even printers can be hijacked and made to participate in distributed denial of service (DDoS) attacks. Learn about the three common network protocols used by malicious actors and find out how to prevent and mitigate these kinds of attacks.

What You Need to Know

  • DrDoS protocol reflection attacks are possible due to the inherent design of their original architecture and the structure of the RFC.
  • When these protocols were developed, functionality was the main focus, not security.
  • As networks become more complex and more servers and IP devices are added, the DrDoS protocol threats will continue to grow.

Background

Three common network protocols are frequently used in reflection attacks: Simple Network Management Protocol (SNMP), Network Time Protocol (NTP) and Character Generator Protocol (CHARGEN).

  • Unlike other DDoS and DrDoS attacks, SNMP attacks allow malicious actors to hijack unsecured network devices – such as routers, printers, cameras, sensors and other devices – and use them as bots to attack third parties.
  • Basic vulnerabilities in the NTP and CHARGEN protocols (used for time synchronization and response testing respectively) can be used to misdirect and amplify server responses to a third party victim.
  • Out-of-the-box device and server configurations leave most networks vulnerable to these attacks.

DrDoS attacks have been a persistent DDoS method for more than ten years. However, during 2012, use of DrDoS attack methodology increased significantly. The technique continues to grow in effectiveness, and it remains a popular attack method for many malicious actors.

Mitigation

Options for mitigating vulnerabilities in network protocols

  • Disable or restrict unneeded functionality. System administrators can help eliminate these vulnerabilities in their networks by securing devices and limiting access.
  • Close security gaps permanently. This method would require creating new protocols, because the problems lie at the core of their architectures and functionality. Such changes are unlikely to happen in the short term.
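As an added example (not code from the white paper or its author), a small Python audit that reads snmpd.conf, ntp.conf and xinetd snippets and flags the out-of-the-box settings that let a host answer SNMP, NTP or CHARGEN queries from anyone, beside a restricted configuration of each; the config samples and the 10.20.0.0/16 management range are constructed.

```python
from __future__ import annotations
import re

def audit_snmpd(conf: str) -> list[str]:
    """Flag SNMP communities that answer queries from any source address."""
    findings = []
    for line in conf.splitlines():
        m = re.match(r"\s*(rocommunity6?|rwcommunity6?)\s+(\S+)(?:\s+(\S+))?", line)
        if not m:
            continue
        directive, community, source = m.groups()
        if source is None or source == "default":
            findings.append(f"{directive} '{community}' accepts queries from any source")
        if community == "public":
            findings.append(f"{directive} uses the default community 'public'")
    return findings

def audit_ntp(conf: str) -> list[str]:
    """ntpd should refuse control queries from unknown hosts: 'restrict default ... noquery'."""
    for line in conf.splitlines():
        fields = [f for f in line.split() if f not in ("-4", "-6")]
        if fields[:2] == ["restrict", "default"] and {"noquery", "ignore"} & set(fields[2:]):
            return []
    return ["no 'restrict default ... noquery': ntpd answers control queries from anyone"]

def audit_xinetd(conf: str) -> list[str]:
    """Flag chargen services (stream and dgram variants) that xinetd is told to enable."""
    findings = []
    for name, body in re.findall(r"service\s+(\S+)\s*\{([^}]*)\}", conf):
        m = re.search(r"disable\s*=\s*(\w+)", body)
        if name.startswith("chargen") and (m is None or m.group(1).lower() != "yes"):
            findings.append(f"xinetd service '{name}' is enabled")
    return findings

def audit_host(snmpd: str, ntp: str, xinetd: str) -> dict[str, list[str]]:
    return {"snmp": audit_snmpd(snmpd), "ntp": audit_ntp(ntp), "chargen": audit_xinetd(xinetd)}

# Constructed samples: a typical out-of-the-box state beside a restricted one.
CHARGEN = "service chargen-dgram\n{\n    type = INTERNAL UNLISTED\n    socket_type = dgram\n    disable = %s\n}\n"
WEAK = dict(snmpd="rocommunity public\n",
            ntp="server 0.pool.ntp.org\ndriftfile /var/lib/ntp/drift\n",
            xinetd=CHARGEN % "no")
HARDENED = dict(snmpd="rocommunity s3cr3t-ro 10.20.0.0/16\n",   # 10.20.0.0/16: assumed management LAN
                ntp="restrict default kod nomodify notrap nopeer noquery\nrestrict 127.0.0.1\nserver 0.pool.ntp.org\n",
                xinetd=CHARGEN % "yes")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_host(**cfg))
```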
