Ddos 
According to bleepingcomputer reports on the 15th, the United States well-known cybersecurity company Imperva issued a report on Monday that the attackers are trying to use the UPnP protocol to shield the network packet source port sent during the DDoS flood, thus avoiding some DDoS mitigation solutions. According to Imperva, they have discovered at least two DDoS attacks using the technology in the wild and have successfully tested one of them through their internal POC. The PoC code searches for a router that exposes its rootDesc.xml file (which includes a port mapping configuration), adds a custom port mapping rule that hides the source port and then initiates a DDoS amplification attack.
Image: Imperva
Imperva believes that using UPnP to hide source ports and using DNS and NTP protocols during DDoS floods will mean that this new technology is unknowable in terms of the type of DDoS amplification technology that attackers choose to use, and is likely to follow Over time, this technology will become more and more popular. Therefore, for security reasons, Imperva recommends that the router user disable UPnP support when it is not necessary.
Suggest Reading
New DDoS Attack Method Demands a Fresh Approach to Amplification Assault Mitigation
Source: BleepingComputer
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
