DDoS protection company Prolexic has warned of a spike in the number of Distributed Reflection and Amplification Denial of Service, or DrDoS, attacks, which have notably grown over the last year.
The company points out that common networked devices such as printers, cameras, hubs, sensors and routers are increasingly being taken advantage of and turned into nodes that launch malicious attacks as part of wider botnets.
These attacks can be tough to pin down because they often spoof the actual origin of the attack.
DrDoS attacks, a Prolexic whitepaper points out, are made possible by the original design of the protocols in their RFCs: the most widely used protocols were built for functionality over security, which can leave them wide open.
The whitepaper outlines in technical terms how three common network protocols are used to launch the attacks. These are Simple Network Management Protocol, or SNMP, for communicating with IP-based devices; Network Time Protocol, or NTP, used to sync time and date information across networks; and Character Generation Protocol, or CHARGEN, for debugging network connections.
Prolexic warns that, over time, as more servers and IP devices are added, DrDoS threats will grow because networks will grow. In the short term the security gaps are unlikely to be plugged, because doing so would need entirely new protocols; in the current batch, the problems lie at the core of their architectures.
To lower the threat, Prolexic advises sysadmins to disable or restrict functionalities in these protocols.