Your SlideShare is downloading. ×
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
How to Protect Your Network from Protocol-Based DDoS Attacks
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

How to Protect Your Network from Protocol-Based DDoS Attacks

367

Published on

Some DDoS and DrDoS attacks target IP-based devices such as printers and routers to take advantage of vulnerabilities inherent in these standard network protocols. By taking advantage of the …

Some DDoS and DrDoS attacks target IP-based devices such as printers and routers to take advantage of vulnerabilities inherent in these standard network protocols. By taking advantage of the functionality of the SNMP, NTP and CHARGEN protocols, attackers can turn mild-mannered network devices into malicious attacking bots. This short presentation from Prolexic highlights the problem as well as steps you can take to protect yourself.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
367
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Printers, Routers Used in Cyber Attacks How to protect your network www.prolexic.com
  • 2. The DrDoS attack: A popular cyber attack • Distributed reflection and amplification denial of service attack, or DrDoS • Malicious use of Internet protocols • Difficult to trace back to the origin, because spoofing can mask the origin of the attack • Sysadmins can take specific actions to reduce the vulnerability of their network devices and servers 2 CONFIDENTIAL www.prolexic.com
  • 3. Even printers may be hijacked by criminals using DrDoS attacks • Support for common network protocols allows devices on your network to be employed in denial of service attacks • Vulnerable devices include: – – – – – – 3 Printers Cameras Routers Hubs Sensors Other network devices www.prolexic.com
  • 4. Secure your IT devices and infrastructure • Three vulnerable network protocols used in devices: – Simple Network Management Protocol (SNMP) – Network Time Protocol (NTP) – Character Generation Protocol (CHARGEN) • Like many other network protocols, these protocols were written with functionality, not security, in mind • Can be used to misdirect and amplify responses to the attacker’s target 4 CONFIDENTIAL www.prolexic.com
  • 5. Simple Network Management Protocol (SNMP) • For communicating with IP-based devices, such as routers, switches, servers, printers, modems, IP video cameras, IP phones, network bridges, hubs, alarms and thermometers • Transmits data about device components, measurements, sensor readings and variables • Allows users to monitor these devices • Use of human-readable cleartext makes SNMPv1 and v2 vulnerable to interception and modification • The origin of the transmission cannot be verified • 5 The white paper explains how to mitigate vulnerability to SNMP DrDoS attacks www.prolexic.com
  • 6. Network Time Protocol (NTP) • For synchronizing time and date information on computer clocks on the Internet • Implemented on all major operating systems, network infrastructure devices and embedded devices • Susceptible to spoofing, like the User Datagram Protocol (UDP) upon which is it built • Attacker may cause multiple requests for time updates to be sent to multiple NTP hosts, directing their responses to the attacker’s target • Team-Cymru authored a secure NTP server template that can be used as a baseline for DDoS protection against NTP reflection attacks • 6 The white paper provides a link to the Team-Cymru NTP server template www.prolexic.com
  • 7. Character Generation Protocol (CHARGEN) • Can be used for debugging network connections, network payload generating and bandwidth testing • Two types of CHARGEN services: – TCP and UDP – UDP version is vulnerable to spoofing • Misuse of the testing features may allow attackers to craft malicious network payloads and direct the responses to the attacker’s target • The U.S. cyber security organization CERT recommends reconsidering whether these protocols are needed in your organization • 7 The white paper provides a link to details about the CERT recommendation www.prolexic.com
  • 8. Why protocol-based DrDoS attacks happen • DrDoS protocol reflection attacks are possible due to the inherent design of the original architecture and structure of these protocols • Closing the security gaps permanently would require creating new protocols, which is unlikely to happen in the short term • By disabling or restricting unneeded functionality, sysadmins can eliminate these vulnerabilities • Prolexic customers are protected from these attacks as part of our DDoS protection and mitigation services 8 www.prolexic.com
  • 9. Learn more in the white paper • Download the DrDoS white paper: SNMP, NTP and CHARGEN attacks • In this white paper, you’ll learn: – Three common network protocols used in reflection attacks – How SNMP, NTP and CHARGEN can be used malicious actors – How your printers and network devices may be employed by cyber attackers – Specific action to minimize your network’s exposure and mitigate protocol attacks – What the internet community could do to reduce the risk 9 www.prolexic.com
  • 10. About Prolexic • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. • Prolexic has successfully stopped DDoS attacks for more than a decade. • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers. 10 www.prolexic.com

×