Security News > 2021 > March > DDoS booters now abuse DTLS servers to amplify attacks
DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security servers to amplify Distributed Denial of Service attacks.
According to reports that surfaced in December, a DDOS attack used DTLS to amplify traffic from vulnerable Citrix ADC devices that used DTLS configurations without a 'HelloClientVerify' anti-spoofing mechanism designed to block such abuse.
DDoS attacks using DTLS can reach an amplification factor of 35 according to German DDoS protection vendor Link11 or an amplification ratio of 37.34:1 based on info from DDoS mitigation firm Netscout.
Two months later, Netscout said that more than 4,200 DTLS servers are still reachable over the Internet and ripe for abuse in reflection/amplification DDoS attacks.
Netscout has observed single-vector DTLS amplification DDoS attacks up to roughly 44.6 Gbps and multi-vector attacks of up to ~206.9 Gbps. Adopted by DDoS booter services.
To mitigate such attacks, admins can either disable unnecessary DTLS services on Internet-exposed servers or to patch/configure them to use the HelloVerifyRequest anti-spoofing mechanism to remove the DTLS amplification vector.
News URL
Related news
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- DDoS attacks reportedly behind DayZ and Arma network outages (source)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)