Printers, routers used as bots in DDoS attacks

  • Organizations that want to reduce the risk of their devices being used to
    launch DDoS attacks should disable SNMP if it is not needed, restrict SNMP
    access via access control lists, and disable read and write SNMP access
    unless it is absolutely needed, Prolexic said in its report. Companies
    should also consider stronger authentication measures to control access to
    SNMP devices.

    Computerworld - Printers, routers, IP cameras, sensors and other
    Internet-connected devices are increasingly used to launch large distributed
    denial of service attacks, security firm Prolexic warned in a report this

    Attackers can take advantage of such flaws to take control of
    network-attached devices and use them to launch denial of service attacks,
    Gareau said. The flaws also allow attackers to send spoofed IP requests to an
    SNMP host and get it to respond with a message that is several times larger in
    byte size than the original request. In some cases, attackers can craft IP
    requests that generate close to 7.5 times more traffic than the original
    request, he said.

    According to Prolexic, there are several security problems with SNMP. Some
    versions of the protocol transmit data in human readable form and are therefore
    vulnerable to interception and data modification attacks. The protocol is also
    vulnerable to IP spoofing because the origin of transmission of an SNMP request
    cannot be verified. All versions of SNMP are also vulnerable to "brute force"
    attacks, the company said.

    Meanwhile, vulnerabilities in the CHARGEN protocol, which is found in remote
    debugging and measurement tools, allow attackers to craft malicious packets
    and have them directed to a target. Companies that use this protocol should
    review its use and eliminate it if it isn't needed, according to Prolexic.

    Attackers are taking advantage of inherent vulnerabilities in some common
    network protocols used by these devices to turn them into malicious bots,
    Prolexic said.

    SNMP is used to manage devices such as routers and printers that are
    connected to the Internet. The protocol is used to collect data about device
    performance and enables remote management.

    The report identifies three vulnerabilities in particular that are being used
    in DDoS attacks: Simple Network Management Protocol (SNMP), Network Time
    Protocol (NTP) and Character Generator Protocol (CHARGEN).

    Similarly, problems with the Network Time Protocol can result in systems that
    are co-opted into a DDoS attack, the company said. NTP is used to synchronize
    network clocks and for timestamp messages. As with SNMP, attackers can launch
    multiple requests for NTP updates from multiple hosts and direct all the
    responses to a target computer.

    The Prolexic report is the second in recent days to highlight the security
    dangers posed to organizations by legacy technologies. Earlier this month
    security firm Rapid7 released a report on how thousands of older systems, including
    those used to manage critical industrial control equipment, traffic lights, fuel
    pumps, retail point-of-sale terminals and building automation, are vulnerable to
    tampering because they're insecurely connected to the Internet via terminal

    All three protocols are ubiquitous across the Internet and in out-of-the-box
    devices and system configurations, said Terrence Gareau, principal security
    architect for

    covers data security and privacy issues, financial services security and
    e-voting for Computerworld. Follow Jaikumar on Twitter.

    As a result, attackers can generate huge volumes of DDoS traffic with
    relatively small SNMP requests, Gareau said. Such attacks are considered DDoS
    amplification attacks because of the manner in which attack traffic is magnified
    and distributed to the target, he added.
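
    A defender can look for this pattern in flow records from their own network. The sketch below is an added example, not part of the Computerworld article or the Prolexic report: it flags devices whose replies on the SNMP, NTP or CHARGEN UDP ports are several times larger than the requests that triggered them. The flow-record layout, the thresholds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Standard UDP ports for the three protocols named in the report.
REFLECTION_PORTS = {161: "SNMP", 123: "NTP", 19: "CHARGEN"}

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# Documentation-range addresses; 192.0.2.0/24 stands in for our own devices.
SAMPLE_FLOWS = [
    ("203.0.113.9", 40000, "192.0.2.10", 161, "udp", 80),    # small request
    ("192.0.2.10", 161, "203.0.113.9", 40000, "udp", 600),   # much larger reply
    ("203.0.113.9", 40001, "192.0.2.10", 161, "udp", 80),
    ("192.0.2.10", 161, "203.0.113.9", 40001, "udp", 600),
    ("198.51.100.7", 51000, "192.0.2.20", 123, "udp", 76),   # ordinary NTP exchange
    ("192.0.2.20", 123, "198.51.100.7", 51000, "udp", 76),
    ("198.51.100.7", 52000, "192.0.2.30", 443, "tcp", 900),  # unrelated traffic
]

def find_reflectors(flows, min_ratio=3.0, min_reply_bytes=500):
    """Return devices whose replies on a reflection-prone UDP port are much
    larger than the requests received from the same peer.
    Both thresholds are illustrative assumptions, not values from the report."""
    req = defaultdict(int)  # (device, service, peer) -> request bytes received
    rep = defaultdict(int)  # (device, service, peer) -> reply bytes sent
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if dport in REFLECTION_PORTS:
            req[(dst, REFLECTION_PORTS[dport], src)] += size
        elif sport in REFLECTION_PORTS:
            rep[(src, REFLECTION_PORTS[sport], dst)] += size
    findings = []
    for key, sent in rep.items():
        received = req.get(key, 0)
        # Replies with no recorded request are reported with an infinite ratio.
        ratio = sent / received if received else float("inf")
        if sent >= min_reply_bytes and ratio >= min_ratio:
            device, service, peer = key
            findings.append({"device": device, "service": service, "peer": peer,
                             "request_bytes": received, "reply_bytes": sent,
                             "ratio": round(ratio, 2)})
    return sorted(findings, key=lambda f: f["reply_bytes"], reverse=True)

if __name__ == "__main__":
    for finding in find_reflectors(SAMPLE_FLOWS):
        print(finding)
```

    A device that shows up here is a candidate for the mitigations listed at the top of the article: disabling the service, or restricting it with access control lists.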
