Attackers increasingly abuse insecure routers and other home devices for DDoS attacks

New report shows that the number of attacks is on the rise

Attackers are taking advantage of home routers and other devices that respond to UPnP (Universal Plug and Play) requests over the Internet in order to amplify distributed denial-of-service attacks.

A report released Tuesday by cloud services provider Akamai Technologies shows that the number of DDoS attacks is on the rise. During the second quarter of 2015 it increased by 7 percent compared to the previous three months and by 132 percent compared to the same period last year, the company's data revealed.

Overall, attackers launched less powerful attacks, but their duration was longer. Even so, the company saw 12 attacks that exceeded 100Gbps during the second quarter and five that peaked at more than 50 million packets per second.

Very few organizations have the infrastructure necessary to deal with such attacks on their own. The largest one recorded during the second quarter across Akamai's Prolexic Routed network peaked at 214Mpps and was capable of disrupting high-end routers used by ISPs, the company said.

SYN floods and Simple Service Discovery Protocol (SSDP) reflection were the most popular DDoS vectors used, accounting for 16 percent and 15.8 percent of attacks respectively.

DDoS reflection is a technique where attackers send requests with a spoofed source IP (Internet Protocol) address to third-party computers, causing them to send responses to that address instead of the original sender. The spoofed IP address belongs to the intended victim.

If the original packets are smaller than the generated responses, the technique also has an amplification effect because it allows attackers to generate more traffic than their available bandwidth would normally allow, by reflecting it through other computers.

The amplification factor depends on the protocol used. Vulnerable Domain Name System (DNS) and Network Time Protocol (NTP) servers have repeatedly been abused in recent years to generate large DDoS attacks.

Attackers started using SSDP for DDoS reflection and amplification in the last quarter of 2014 and has since become one of their favorite techniques. Even though the protocol has a lower amplification factor than DNS or NTP, it has one major benefit: it's used by millions of vulnerable devices spread around the world that are unlikely to be patched.

SSDP is part of the Universal Plug and Play (UPnP) set of networking protocols that allows devices to discover each other and establish functional services without manual configuration.

The protocol is intended to be used inside small home and business networks, but there's a very large number of routers and other devices that are configured to respond to SSDP queries over the Internet, making them potential DDoS reflectors.

According to the Shadowserver Foundation, a volunteer organization that promotes Internet security, there are currently about 12 million IP addresses on the Internet that have an open SSDP service.

The SSDP reflection vector has not been subject to the same type of cleanup efforts as NTP and DNS because most of the exploited devices are consumer ones and not servers, Akamai's researchers said in the report.

Their owners are typically home users who are unlikely to realize that their devices are participating in attacks, they said. "Even if they do notice slowness in their networks, they may not have the expertise to troubleshoot, mitigate or detect the cause."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?