New Technology Uses UPnP Protocol to Avoid DDoS Mitigation
According to a BleepingComputer report on the 15th, the well-known US cybersecurity company Imperva published a report on Monday stating that attackers are trying to use the UPnP protocol to mask the source port of network packets sent during a DDoS flood, thereby evading some DDoS mitigation solutions. According to Imperva, it has discovered at least two DDoS attacks using the technique in the wild and has successfully tested one of them with an internal PoC. The PoC code searches for routers that expose their rootDesc.xml file (which includes the port mapping configuration), adds a custom port mapping rule that hides the source port, and then initiates a DDoS amplification attack.
Imperva believes that the use of UPnP to hide source ports in floods over both the DNS and NTP protocols means the technique is agnostic to the type of DDoS amplification an attacker chooses, and that it is likely to become more and more popular over time. For security reasons, Imperva therefore recommends that router users disable UPnP support when it is not necessary.
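Why a source-port rule alone fails against this technique, as an added example that is not taken from Imperva's report or PoC: a port-only check misses a DNS or NTP reply that arrives from a remapped port, while a look at the payload still recognises it. The sample packets, the ports 41877, 29011 and 50000, and all function names are constructed for illustration, and payload inspection is shown as one possible fallback, not a mitigation the article prescribes.

```python
import struct

# Source ports that a port-only filter ties to amplification vectors.
AMPLIFICATION_PORTS = {53: "dns", 123: "ntp"}

def classify_by_port(src_port):
    """The source-port rule that a remapped port slips past."""
    return AMPLIFICATION_PORTS.get(src_port)

def looks_like_dns_response(payload):
    if len(payload) < 12:                       # DNS header is 12 bytes
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    # QR bit set (a response), standard query opcode, at least one record.
    return bool(flags & 0x8000) and opcode == 0 and qd <= 1 and an + ns + ar > 0

def looks_like_ntp_reply(payload):
    if len(payload) < 8:
        return False
    version, mode = (payload[0] >> 3) & 0x7, payload[0] & 0x7
    if mode == 4:                               # server reply, 48-byte header
        return 1 <= version <= 4 and len(payload) >= 48
    if mode == 7:                               # private mode, e.g. monlist
        return bool(payload[0] & 0x80)          # response bit
    return False

def classify(src_port, payload):
    """Port rule first, then payload inspection for remapped source ports."""
    by_port = classify_by_port(src_port)
    if by_port:
        return by_port
    if looks_like_dns_response(payload):
        return "dns"
    if looks_like_ntp_reply(payload):
        return "ntp"
    return None

# Constructed sample payloads (not captured traffic).
DNS_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + b"\x07example\x03com\x00"
NTP_MONLIST_REPLY = bytes([0xD7, 0x00, 0x03, 0x2A]) + bytes(76)
BENIGN = b"hello world, not a reflection"

if __name__ == "__main__":
    for port, data in [(53, DNS_REPLY), (41877, DNS_REPLY),
                       (29011, NTP_MONLIST_REPLY), (50000, BENIGN)]:
        print(port, classify_by_port(port), classify(port, data))
```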
Source: BleepingComputer