March 20, 2024 at 05:51AM
Researchers from the CISPA Helmholtz Center in Germany have identified a new DoS attack that affects UDP-based application protocols and internet-facing systems, causing indefinite communication between servers. This self-sustaining loop attack disrupts services and networks, impacting protocols like NTP and DNS. The technique may be used for amplifying DoS or DDoS attacks. Numerous internet hosts are estimated to be impacted, and new CVE identifiers have been assigned for these vulnerabilities. Affected vendors are taking measures to address the issue. The researchers urge entities to take action and recommend preventive and reactive measures.
Key takeaways:
– Researchers from CISPA Helmholtz Center for Information Security in Germany have identified a new denial-of-service (DoS) attack vector that affects several UDP-based application protocols, impacting hundreds of thousands of internet-facing systems.
– The attack involves a self-perpetuating loop that targets application-layer messages, leading to a denial of service for the affected systems or networks. It can also be used for DoS or DDoS attack amplification.
– The impacted protocols include NTP, DNS, TFTP, as well as legacy protocols such as Echo, Chargen, and QOTD, with an estimated 300,000 affected internet hosts.
– New CVE identifiers CVE-2024-1309 and CVE-2024-2169 have been assigned to the vulnerabilities involved in the new DoS attack.
– CERT Coordination Center at Carnegie Mellon University has confirmed impact on products from Broadcom, Honeywell, Microsoft, and MikroTik, with notifications sent to potentially impacted vendors.
– The researchers have recommended preventive and reactive measures, including disrupting the DoS loop in case of an attack.
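
A defender-side check for the loop pattern described above, as an added example that is not from the researchers or the original page. It assumes loop traffic appears in flow logs as a sustained two-way UDP exchange where both ports are service ports of the listed protocols; the record layout, thresholds and sample flows are constructed.

```python
from collections import defaultdict

# Well-known UDP service ports of the protocols named in the takeaways.
LOOP_PRONE_PORTS = {7: "Echo", 17: "QOTD", 19: "Chargen",
                    53: "DNS", 69: "TFTP", 123: "NTP"}

# Constructed flow records: (epoch_s, src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    (1000, "198.51.100.10", 69, "203.0.113.20", 69, 4000),   # server <-> server
    (1000, "203.0.113.20", 69, "198.51.100.10", 69, 3990),
    (1090, "198.51.100.10", 69, "203.0.113.20", 69, 4100),
    (1090, "203.0.113.20", 69, "198.51.100.10", 69, 4100),
    (1000, "192.0.2.5", 123, "192.0.2.6", 123, 4),           # NTP peers, low rate
    (1300, "192.0.2.6", 123, "192.0.2.5", 123, 4),
    (1000, "192.0.2.77", 51514, "203.0.113.20", 53, 5000),   # ordinary DNS client
    (1100, "203.0.113.20", 53, "192.0.2.77", 51514, 5000),
]

def find_loop_candidates(flows, min_packets=1000, min_seconds=60):
    """Flag host pairs exchanging sustained UDP traffic service-port to service-port."""
    pairs = defaultdict(lambda: {"first": None, "last": None, "dir": defaultdict(int)})
    for ts, sip, sport, dip, dport, pkts in flows:
        # Normal clients use an ephemeral port on one side; skip those flows.
        if sport not in LOOP_PRONE_PORTS or dport not in LOOP_PRONE_PORTS:
            continue
        key = tuple(sorted([(sip, sport), (dip, dport)]))  # direction-independent
        rec = pairs[key]
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["dir"][(sip, dip)] += pkts
    hits = []
    for ((a, a_port), (b, b_port)), rec in pairs.items():
        fwd, rev = rec["dir"][(a, b)], rec["dir"][(b, a)]
        duration = rec["last"] - rec["first"]
        # A loop needs both sides to keep answering, so require volume both ways.
        if min(fwd, rev) >= min_packets and duration >= min_seconds:
            hits.append({"hosts": (a, b),
                         "protocols": (LOOP_PRONE_PORTS[a_port], LOOP_PRONE_PORTS[b_port]),
                         "packets": (fwd, rev),
                         "seconds": duration})
    return hits

if __name__ == "__main__":
    for hit in find_loop_candidates(SAMPLE_FLOWS):
        print(hit)
```

Thresholds need tuning per network: legitimate NTP peering also runs port 123 to port 123, which is why the check requires volume and duration rather than the port pair alone.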