DDoS attack exploiting UPnP vulnerability
A recently disclosed type of Distributed Denial-of-Service (DDoS) attack takes advantage of an infamous security vulnerability in the Universal Plug and Play (UPnP) networking protocol. The exploit allows attackers to bypass common methods for detecting their actions. Attacks of this new form are launched from irregular source ports, making it difficult to determine their origin and to blacklist the ports in order to protect against future incidents.
A DDoS attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. A flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, denying service to legitimate users or systems.
This new DDoS exploit abuses UPnP, a set of networking protocols that enables networked devices to discover each other’s presence on the network with ease and establish a functional network. UPnP is aimed mainly at residential networks and personal use, and is used especially by Internet of Things (IoT) devices, which rely on it to find each other and communicate over a local network. Exploiting it ultimately results in attackers being able to access the information on your network.
The UPnP protocols are still used, despite known issues around poor default settings, lack of authentication, and UPnP-specific remote code execution vulnerabilities, which make the devices vulnerable to attack. Mikko Hyppönen, F-Secure’s Chief Research Officer, says IoT is unavoidable: “If it uses electricity, it will become a computer. If it uses electricity, it will be online.” We can’t avoid the IoT revolution by refusing to take part in it; protecting yourself from these threats is the only option.
There is a relatively simple way to protect systems from this and other UPnP exploits. Blocking the device from being remotely accessible is the best solution, as remote access to it serves no useful function and has no benefit for device users. Everything is now a computer. Devices that were previously all wires and mechanics now run rich operating systems, and more and more of them are becoming connected to the internet. If these devices aren’t patched, the growing number of targets available to malicious hackers will become a prevalent issue.
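The opening paragraph notes that irregular source ports defeat port-based blacklisting. The added example below (not from the original article) shows that effect from the defender's side by comparing a source-port rule with payload inspection. It assumes the flood consists of SSDP search responses (SSDP is UPnP's discovery protocol on UDP port 1900); the packets are constructed and the function names are illustrative.

```python
SSDP_PORT = 1900  # UDP port used by SSDP, the discovery protocol of UPnP

# Constructed sample datagrams as (source_port, payload); not captured traffic.
SAMPLE_PACKETS = [
    (1900, b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
           b"USN: uuid:constructed-0001::upnp:rootdevice\r\n\r\n"),
    (48213, b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
            b"USN: uuid:constructed-0002::upnp:rootdevice\r\n\r\n"),
    (51877, b"HTTP/1.1 200 OK\r\nst: ssdp:all\r\n"
            b"usn: uuid:constructed-0003\r\n\r\n"),
    (8080, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    (443, b"\x16\x03\x03\x00\x2a\xff"),
]


def parse_ssdp_response(payload):
    """Return the header dict if payload is an SSDP search response, else None."""
    try:
        lines = payload.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None  # binary payload, not the text-based SSDP format
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    # A search response carries both ST (search target) and USN (unique name).
    return headers if "ST" in headers and "USN" in headers else None


def compare_filters(packets):
    """Indices flagged by a source-port rule versus by payload inspection."""
    by_port = [i for i, (port, _) in enumerate(packets) if port == SSDP_PORT]
    by_payload = [i for i, (_, data) in enumerate(packets)
                  if parse_ssdp_response(data) is not None]
    missed_by_port = [i for i in by_payload if i not in by_port]
    return {"by_port": by_port, "by_payload": by_payload,
            "missed_by_port": missed_by_port}


if __name__ == "__main__":
    print(compare_filters(SAMPLE_PACKETS))
```

The two responses arriving from ports 48213 and 51877 pass the port rule untouched but are still recognised by their SSDP headers, which is why filtering on payload content holds up where a port blacklist does not.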