March 20, 2024 at 11:36AM
A new DoS attack vector, dubbed Loop DoS attacks, targets UDP-based application-layer protocols, leading to reflected DoS attacks. Researchers discovered that certain UDP protocol implementations can be weaponized, creating self-perpetuating attack loops. Potentially impacting around 300,000 hosts and networks, the attack has been flagged as trivial to exploit. Multiple products from major companies are affected.
The key takeaway is the emergence of a novel denial-of-service (DoS) attack vector targeting application-layer protocols based on User Datagram Protocol (UDP). This new approach, known as Loop DoS attacks, pairs servers so that they communicate with each other indefinitely, creating large volumes of traffic and resulting in a denial of service for the involved systems or networks. The attack can be carried out with a single spoofing-capable host and has the potential to impact an estimated 300,000 hosts and their networks.
Additionally, certain implementations of UDP-based protocols, such as DNS, NTP, TFTP, Active Users, Daytime, Echo, Chargen, QOTD, and Time, can be weaponized to create a self-perpetuating attack loop. The researchers also noted that while there is currently no evidence that the attack has been weaponized in the wild, exploitation is considered trivial, and multiple products from various vendors are affected.
The researchers stressed the importance of initiatives to filter spoofed traffic, such as BCP38, to mitigate the risks associated with these attacks. It is crucial for organizations to stay updated on these developments and take necessary precautions to protect their networks from potential threats.
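Because a loop keeps running between two servers after the spoofed trigger, it leaves a recognizable pattern in flow data. The following is an added example, not code from the researchers or any vendor: a heuristic that flags server pairs exchanging heavy, nearly symmetric UDP traffic on the same service port. The flow record layout, the thresholds, and the same-port-on-both-ends rule are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# IANA-assigned UDP ports for the protocols named in the article.
LOOP_PRONE_PORTS = {7: "echo", 11: "active-users", 13: "daytime", 17: "qotd",
                    19: "chargen", 37: "time", 53: "dns", 69: "tftp", 123: "ntp"}

# Constructed flow records for one time window (documentation address ranges):
# (src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    ("192.0.2.10", 69, "198.51.100.20", 69, 48000),    # server <-> server,
    ("198.51.100.20", 69, "192.0.2.10", 69, 47950),    # busy and balanced
    ("192.0.2.30", 123, "198.51.100.40", 123, 12),     # low-volume NTP peering
    ("198.51.100.40", 123, "192.0.2.30", 123, 12),
    ("203.0.113.5", 53124, "192.0.2.53", 53, 90000),   # ordinary client traffic
    ("192.0.2.53", 53, "203.0.113.5", 53124, 90000),
    ("192.0.2.60", 19, "198.51.100.70", 19, 5000),     # one direction only
]

def find_loop_candidates(flows, min_packets=1000, min_balance=0.8):
    """Return server pairs whose UDP traffic looks like a self-sustaining loop.

    A pair is flagged when both ends use the same loop-prone service port,
    both directions carry at least min_packets, and the two packet counts are
    close (in a loop each datagram triggers one reply). Legitimate
    server-to-server traffic can match, so treat hits as leads to investigate.
    """
    per_direction = defaultdict(int)
    for src, sport, dst, dport, packets in flows:
        if sport == dport and sport in LOOP_PRONE_PORTS:
            per_direction[(src, dst, sport)] += packets

    findings = []
    for (a, b, port), a_to_b in per_direction.items():
        if a >= b:  # visit each unordered pair once
            continue
        b_to_a = per_direction.get((b, a, port), 0)
        low, high = sorted((a_to_b, b_to_a))
        if low >= max(min_packets, 1) and low / high >= min_balance:
            findings.append({"pair": (a, b), "service": LOOP_PRONE_PORTS[port],
                             "packets": a_to_b + b_to_a})
    return sorted(findings, key=lambda f: f["packets"], reverse=True)

if __name__ == "__main__":
    for finding in find_loop_candidates(SAMPLE_FLOWS):
        print(finding)
```
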