Security watchers have warned about a new class of DDoS amplification attack threat which only exists because too many users are failing to follow basic safeguards.
Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years, the most high-profile of which battered Spamhaus and buffeted internet exchanges back in March 2013. Over recent weeks, another service – Portmap – has become a vector of DDos attacks, US-based carrier Level 3 warned. Ofer Gayer Security Researcher at Imperva , gives insights into these attacks.
[su_note note_color=”#ffffcc” text_color=”#00000″]Ofer Gayer Security Researcher at Imperva :
“These Portmap attacks are no different than other amplification denial of service attacks, all of which abuse legitimate services to magnify the impact of DDoS floods. From mitigation stand-point, however, the end result is always the same large UDP flood—something that mitigation providers should be equipped to deal with by default. The fact that these specific attacks originate from a rarely-used (111) port makes them even easier to identify.
As always, we advise all sys-admins to carefully manage outside access of their public facing services, either by filtering their users or by disabling them entirely, if not in use”.[/su_note][su_box title=”About Imperva” style=”noise” box_color=”#336588″]Imperva® (NYSE:IMPV), is a leading provider of cyber security solutions that protect business-critical data and applications. The company’s SecureSphere, Incapsula and Skyfence product lines enable organizations to discover assets and risks, protect information wherever it lives – in the cloud and on-premises – and comply with regulations. The Imperva Application Defense Center, a research team comprised of some of the world’s leading experts in data and application security, continually enhances Imperva products with up-to-the-minute threat intelligence, and publishes reports that provide insight and guidance on the latest threats and how to mitigate them. Imperva is headquartered in Redwood Shores, California.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.