• Home

  • Documents

  • A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack...
7
A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification attacks was reported in October 2016 by Corero Network Security 1 . Reflection-amplification attacks are not a new DDoS trend, but new attack vectors emerge all the time. Attackers continue to exploit decades-old protocols in an effort to achieve stronger amplification, enabling them to inflict greater damage. 1 https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector- with-potential-for-terabit-scale-ddos-events/

A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

Embed Size (px)

Citation preview

Page 1: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

A new DDoS attack vector that leverages Lightweight Directory

Access Protocol (LDAP) for reflection-amplification attacks was

reported in October 2016 by Corero Network Security1.

Reflection-amplification attacks are not a new DDoS trend, but

new attack vectors emerge all the time. Attackers continue to

exploit decades-old protocols in an effort to achieve stronger

amplification, enabling them to inflict greater damage.

1 https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector-

with-potential-for-terabit-scale-ddos-events/

https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector-with-potential-for-terabit-scale-ddos-events/
https://www.corero.com/company/newsroom/press-releases/corero-warns-of-powerful-new-ddos-attack-vector-with-potential-for-terabit-scale-ddos-events/
Page 2: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 3: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 4: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification
Page 5: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

2 https://www.us-cert.gov/ncas/alerts/TA14-017A

https://www.us-cert.gov/ncas/alerts/TA14-017A
Page 6: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

Rank

Protocol

Amplification Factor

1 NTP 556.9

2 CharGEN 358.8

3 QOTD 140.3

4 RIPv1 131.24

5 Quake Network Protocol 63.9

6 LDAP 46 – 55

7 DNS 28 – 54

8 SSDP 30.8

9 Portman (RCPbind) 7 – 28

10 Kad 16.3

11 Multicast DNS (mDNS) 2 – 10

12 SNMPv2 6.3

13 Stream Protocol 5.5

14 NetBIOS 3.8

15 BitTorrent 3.8

Page 7: A new DDoS attack vector that leverages Lightweight ... Protocols_New... · A new DDoS attack vector that leverages Lightweight Directory Access Protocol (LDAP) for reflection-amplification

F5 Networks, Inc. | f5.com

mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]

Leverages Final

Leverages Final

Documents
E-LDAT: a lightweight system for DDoS flooding attack detection …jkalita/papers/2016/BhuyanMonowarSCN... · 2016-09-13 · we develop the system model for DDoS attack detection

E-LDAT: a lightweight system for DDoS flooding attack detection …jkalita/papers/2016/BhuyanMonowarSCN... · 2016-09-13 · we develop the system model for DDoS attack detection

Documents
A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

Documents
Datasheet: DDoS Protection - Grayhats Datasheet DDoS...or OpenBSD vulnerabilities ... Datasheet: DDoS Protection DNS DDoS Protection ... DNS server. This protects your

Datasheet: DDoS Protection - Grayhats Datasheet DDoS...or OpenBSD vulnerabilities ... Datasheet: DDoS Protection DNS DDoS Protection ... DNS server. This protects your

Documents
Arbor Ddos

Arbor Ddos

Documents
Detecting DDOS

Detecting DDOS

Documents
Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

Documents
DDoS Saldırı Analizi - DDoS Forensics

DDoS Saldırı Analizi - DDoS Forensics

Documents
AWS Cloud Trail - d36cz9buwru1tt.cloudfront.netd36cz9buwru1tt.cloudfront.net/jp/reinvent/2013/documentation/...How Netflix Leverages Multiple Regions to ... DDoS Resiliency with Amazon

AWS Cloud Trail - d36cz9buwru1tt.cloudfront.netd36cz9buwru1tt.cloudfront.net/jp/reinvent/2013/documentation/...How Netflix Leverages Multiple Regions to ... DDoS Resiliency with Amazon

Documents
Imperva Incapsula WAF and DDoS Protection Campaign€¦ · DDoS Protection For SecureSphere Distributed Denial of Service (DDoS) attacks are more devastating than ever; DDoS attacks

Imperva Incapsula WAF and DDoS Protection Campaign€¦ · DDoS Protection For SecureSphere Distributed Denial of Service (DDoS) attacks are more devastating than ever; DDoS attacks

Documents
07 Leverages

07 Leverages

Documents
DDoS @ traceroute

DDoS @ traceroute

Documents
Unit 6 Leverages

Unit 6 Leverages

Documents
DDoS hybrid protection - rsnog.rs · DDoS protection system –Hybrid solution •Telenor hybrid DDoS protection is based • Local netflow based DDoS protection segment • Cloud

DDoS hybrid protection - rsnog.rs · DDoS protection system –Hybrid solution •Telenor hybrid DDoS protection is based • Local netflow based DDoS protection segment • Cloud

Documents
Leverages Problems

Leverages Problems

Economy & Finance
Prolexic DDoS Analytics & DDoS Mitigation In Real Time

Prolexic DDoS Analytics & DDoS Mitigation In Real Time

Technology
NETWORK AND DATA CENTER VISIBILITY, …symbiocyber.com/Products/pdf/DS_X42_EN.pdf · uted denial of service (DDoS) attacks, botnet armies, ... Leverages NetFlow NetFlow is built into

NETWORK AND DATA CENTER VISIBILITY, …symbiocyber.com/Products/pdf/DS_X42_EN.pdf · uted denial of service (DDoS) attacks, botnet armies, ... Leverages NetFlow NetFlow is built into

Documents
DDoS Attacks 101 - Vistnet DDoS Protection & Mitigation ...€¦ · DDoS Protection Company V DDoS Attacks 101 eserved. 7 In the meantime the quality of DDoS attack software is improving;

DDoS Attacks 101 - Vistnet DDoS Protection & Mitigation ...€¦ · DDoS Protection Company V DDoS Attacks 101 eserved. 7 In the meantime the quality of DDoS attack software is improving;

Documents
DDoS Attack

DDoS Attack

Documents
LUCID: A Practical, Lightweight Deep Learning Solution for DDoS … · lightweight deep learning DDoS detection system called LUCID, ... At the time, this was the largest DDoS attack

LUCID: A Practical, Lightweight Deep Learning Solution for DDoS … · lightweight deep learning DDoS detection system called LUCID, ... At the time, this was the largest DDoS attack

Documents
DDoS Attacks

DDoS Attacks

Technology
Ddos analizi

Ddos analizi

Documents
Types of leverages

Types of leverages

Education
DDoS 방어 계획 수립하기 8가지 모범 사례 · DDoS 방어 계획 수립하기 8가지 모범 사례 DDoS 공격은 큰 혼란을 초래합니다. DDoS 방어 계획을

DDoS 방어 계획 수립하기 8가지 모범 사례 · DDoS 방어 계획 수립하기 8가지 모범 사례 DDoS 공격은 큰 혼란을 초래합니다. DDoS 방어 계획을

Documents
DDoS Handbook

DDoS Handbook

Documents
DDoS Threat Landscape - CHI-NOGchinog.org/.../2016/05/10.-DDoS-Threat-Landscape.pdf · DDoS Threat Landscape . DDoS Handbook • A history and overview of DDoS • Review of attack

DDoS Threat Landscape - CHI-NOGchinog.org/.../2016/05/10.-DDoS-Threat-Landscape.pdf · DDoS Threat Landscape . DDoS Handbook • A history and overview of DDoS • Review of attack

Documents
DDoS 방어에 9가지 - Akamai · 2021. 1. 20. · DDoS 방어전문 대신지식을 클라우드개발하는 기반 플랫폼으로 DDoS 방어솔루션을 아웃소싱하고 있습니다

DDoS 방어에 9가지 - Akamai · 2021. 1. 20. · DDoS 방어전문 대신지식을 클라우드개발하는 기반 플랫폼으로 DDoS 방어솔루션을 아웃소싱하고 있습니다

Documents
DDoS Testing Services - zencurity.com · DDoS Testing Services DOES YOUR BUSINESS HAVE AN OPTIMISED DDOS PROTECTION STRATEGY Our DDoS testing service exercises your infrastructure

DDoS Testing Services - zencurity.com · DDoS Testing Services DOES YOUR BUSINESS HAVE AN OPTIMISED DDOS PROTECTION STRATEGY Our DDoS testing service exercises your infrastructure

Documents
Krizhanovsky Ddos

Krizhanovsky Ddos

Technology
cloudfale ddos

cloudfale ddos

Documents