How to Protect Your Network from Protocol-Based DDoS Attacks


Published on

Some DDoS and DrDoS attacks target IP-based devices such as printers and routers to take advantage of vulnerabilities inherent in these standard network protocols. By taking advantage of the functionality of the SNMP, NTP and CHARGEN protocols, attackers can turn mild-mannered network devices into malicious attacking bots. This short presentation from Prolexic highlights the problem as well as steps you can take to protect yourself.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

How to Protect Your Network from Protocol-Based DDoS Attacks

  1. 1. Printers, Routers Used in Cyber Attacks How to protect your network
  2. 2. The DrDoS attack: A popular cyber attack • Distributed reflection and amplification denial of service attack, or DrDoS • Malicious use of Internet protocols • Difficult to trace back to the origin, because spoofing can mask the origin of the attack • Sysadmins can take specific actions to reduce the vulnerability of their network devices and servers 2 CONFIDENTIAL
  3. 3. Even printers may be hijacked by criminals using DrDoS attacks • Support for common network protocols allows devices on your network to be employed in denial of service attacks • Vulnerable devices include: – – – – – – 3 Printers Cameras Routers Hubs Sensors Other network devices
  4. 4. Secure your IT devices and infrastructure • Three vulnerable network protocols used in devices: – Simple Network Management Protocol (SNMP) – Network Time Protocol (NTP) – Character Generation Protocol (CHARGEN) • Like many other network protocols, these protocols were written with functionality, not security, in mind • Can be used to misdirect and amplify responses to the attacker’s target 4 CONFIDENTIAL
  5. 5. Simple Network Management Protocol (SNMP) • For communicating with IP-based devices, such as routers, switches, servers, printers, modems, IP video cameras, IP phones, network bridges, hubs, alarms and thermometers • Transmits data about device components, measurements, sensor readings and variables • Allows users to monitor these devices • Use of human-readable cleartext makes SNMPv1 and v2 vulnerable to interception and modification • The origin of the transmission cannot be verified • 5 The white paper explains how to mitigate vulnerability to SNMP DrDoS attacks
  6. 6. Network Time Protocol (NTP) • For synchronizing time and date information on computer clocks on the Internet • Implemented on all major operating systems, network infrastructure devices and embedded devices • Susceptible to spoofing, like the User Datagram Protocol (UDP) upon which is it built • Attacker may cause multiple requests for time updates to be sent to multiple NTP hosts, directing their responses to the attacker’s target • Team-Cymru authored a secure NTP server template that can be used as a baseline for DDoS protection against NTP reflection attacks • 6 The white paper provides a link to the Team-Cymru NTP server template
  7. 7. Character Generation Protocol (CHARGEN) • Can be used for debugging network connections, network payload generating and bandwidth testing • Two types of CHARGEN services: – TCP and UDP – UDP version is vulnerable to spoofing • Misuse of the testing features may allow attackers to craft malicious network payloads and direct the responses to the attacker’s target • The U.S. cyber security organization CERT recommends reconsidering whether these protocols are needed in your organization • 7 The white paper provides a link to details about the CERT recommendation
  8. 8. Why protocol-based DrDoS attacks happen • DrDoS protocol reflection attacks are possible due to the inherent design of the original architecture and structure of these protocols • Closing the security gaps permanently would require creating new protocols, which is unlikely to happen in the short term • By disabling or restricting unneeded functionality, sysadmins can eliminate these vulnerabilities • Prolexic customers are protected from these attacks as part of our DDoS protection and mitigation services 8
  9. 9. Learn more in the white paper • Download the DrDoS white paper: SNMP, NTP and CHARGEN attacks • In this white paper, you’ll learn: – Three common network protocols used in reflection attacks – How SNMP, NTP and CHARGEN can be used malicious actors – How your printers and network devices may be employed by cyber attackers – Specific action to minimize your network’s exposure and mitigate protocol attacks – What the internet community could do to reduce the risk 9
  10. 10. About Prolexic • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. • Prolexic has successfully stopped DDoS attacks for more than a decade. • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers. 10