Loop DoS – New DoS Attack Targets Application-Layer Protocols, with Potential Impact on 300K Hosts

by | Mar 21, 2024 | News

Post Views: 324

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 3 Minutes

In a startling revelation, cybersecurity experts have uncovered a newly identified DoS loop attack, distinguished by its self-perpetuating nature and targeted approach toward application-layer messages. This sophisticated technique involves the pairing of two network services, triggering an endless exchange of responses that inundate systems or networks with overwhelming traffic, resulting in a denial of service. Once initiated, the loop operates autonomously, rendering even the attackers powerless to halt its disruptive effects.

Unlike previous loop attacks confined to the routing layer of a single network and limited by finite iterations, this latest threat poses a formidable challenge to cybersecurity defenses.

300,000 Vulnerable Hosts

The gravity of this discovery becomes apparent when considering its potential impact on an estimated 300,000 Internet hosts.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses

Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Researchers Yepeng Pan and Professor Dr. Christian Rossow from CISPA have identified vulnerabilities in a range of widely used protocols, including TFTP, DNS, NTP, and legacy protocols such as Daytime, Time, Active Users, Echo, Chargen, and QOTD. These protocols, integral to basic Internet functionalities, serve essential roles like time synchronization and domain name resolution, making them prime targets for malicious exploitation.

Exploitation

What’s particularly concerning is the ease with which these attacks can be triggered, often requiring just a single spoofing-capable host. By leveraging IP spoofing, attackers can initiate a loop between vulnerable servers, perpetuating a cycle of traffic exchange that strains both systems and network links.

Trending: Recon Tool: SiCat

Pan underscores the novelty of this attack vector, emphasizing its distinction from known network-layer loops and the inadequacy of existing packet lifetime checks in interrupting application-layer loops.

Despite the absence of reported incidents thus far, the potential for exploitation looms large. Rossow warns that without proactive measures to address this vulnerability, the risk of exploitation remains high. In December 2023, Rossow and Pan took swift action, disclosing their findings to affected vendors and trusted operators. Together with The Shadowserver Foundation, they embarked on a comprehensive notification campaign to raise awareness and mitigate the looming threat posed by this newly discovered application-layer DoS loop attack.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: cispa.de

Source Link