Attackers increasingly abuse insecure routers and other home devices for DDoS attacks

New report shows that the number of attacks is on the rise

Attackers are taking advantage of home routers and other devices that respond to UPnP (Universal Plug and Play) requests over the Internet in order to amplify distributed denial-of-service attacks.

A report released Tuesday by cloud services provider Akamai Technologies shows that the number of DDoS attacks is on the rise. During the second quarter of 2015 it increased by 7 percent compared to the previous three months and by 132 percent compared to the same period last year, the company's data revealed.

Overall, attackers launched less powerful attacks, but their duration was longer. Even so, the company saw 12 attacks that exceeded 100Gbps during the second quarter and five that peaked at more than 50 million packets per second.

Very few organizations have the infrastructure necessary to deal with such attacks on their own. The largest one recorded during the second quarter across Akamai's Prolexic Routed network peaked at 214Mpps and was capable of disrupting high-end routers used by ISPs, the company said.

SYN floods and Simple Service Discovery Protocol (SSDP) reflection were the most popular DDoS vectors used, accounting for 16 percent and 15.8 percent of attacks respectively.

DDoS reflection is a technique where attackers send requests with a spoofed source IP (Internet Protocol) address to third-party computers, causing them to send responses to that address instead of the original sender. The spoofed IP address belongs to the intended victim.

If the original packets are smaller than the generated responses, the technique also has an amplification effect because it allows attackers to generate more traffic than their available bandwidth would normally allow, by reflecting it through other computers.

The amplification factor depends on the protocol used. Vulnerable Domain Name System (DNS) and Network Time Protocol (NTP) servers have repeatedly been abused in recent years to generate large DDoS attacks.

Attackers started using SSDP for DDoS reflection and amplification in the last quarter of 2014 and has since become one of their favorite techniques. Even though the protocol has a lower amplification factor than DNS or NTP, it has one major benefit: it's used by millions of vulnerable devices spread around the world that are unlikely to be patched.

SSDP is part of the Universal Plug and Play (UPnP) set of networking protocols that allows devices to discover each other and establish functional services without manual configuration.

The protocol is intended to be used inside small home and business networks, but there's a very large number of routers and other devices that are configured to respond to SSDP queries over the Internet, making them potential DDoS reflectors.

According to the Shadowserver Foundation, a volunteer organization that promotes Internet security, there are currently about 12 million IP addresses on the Internet that have an open SSDP service.

The SSDP reflection vector has not been subject to the same type of cleanup efforts as NTP and DNS because most of the exploited devices are consumer ones and not servers, Akamai's researchers said in the report.

Their owners are typically home users who are unlikely to realize that their devices are participating in attacks, they said. "Even if they do notice slowness in their networks, they may not have the expertise to troubleshoot, mitigate or detect the cause."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?