Some 300,000 IPs vulnerable to this Loop DoS attack
As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services.
It's pretty trivial: using IP source-address spoofing, an error message is sent to, say, vulnerable server A in such a way that A responds with an error message to vulnerable server B, which sends an error message to A, which responds to B, and so on in an infinite loop.
"Imagine two services that respond with an error message when receiving an error message as input," as Rossow and Pan put it in their write-up this week.
"If an error as input creates an error as output, and a second system behaves the same, these two systems will keep sending error messages back and forth indefinitely."
The method benefits miscreants in various ways: They don't need to send continuous waves of traffic to render services unavailable, and once it's begun there's no stopping it until the targeted machines or someone in between can break off the infinite loop.
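The loop described above, and how it ends once either side stops answering errors with errors, as an added in-memory simulation. It is not code from the researchers or the article; the `Service` class, the `simulate` function and the per-peer `error_budget` cap are assumptions made for illustration, and no sockets are involved.

```python
from collections import Counter

ERROR = "ERROR"

class Service:
    """Toy datagram responder (constructed model, no network I/O)."""

    def __init__(self, name, reply_to_errors=True, error_budget=None):
        self.name = name
        self.reply_to_errors = reply_to_errors  # True models the vulnerable behaviour
        self.error_budget = error_budget        # max error replies per peer, None = unlimited
        self.errors_sent = Counter()

    def handle(self, claimed_src, payload):
        """Return the reply payload for claimed_src, or None to stay silent."""
        if payload == "REQUEST":
            return "RESPONSE"
        if payload == ERROR and not self.reply_to_errors:
            return None  # hardened: an error is never answered with an error
        if self.error_budget is not None and self.errors_sent[claimed_src] >= self.error_budget:
            return None  # per-peer cap on error replies reached
        self.errors_sent[claimed_src] += 1
        return ERROR

def simulate(a, b, max_datagrams=1000):
    """Deliver one ERROR to `a` whose source field names `b`; count the replies.

    Returns (replies_sent, still_looping). max_datagrams only bounds the
    simulation; the modelled exchange itself has no such limit.
    """
    hosts = {a.name: a, b.name: b}
    in_flight = (b.name, a.name, ERROR)  # (claimed source, destination, payload)
    sent = 0
    while in_flight is not None and sent < max_datagrams:
        src, dst, payload = in_flight
        reply = hosts[dst].handle(src, payload)
        in_flight = None
        if reply is not None:
            sent += 1
            in_flight = (dst, src, reply)  # the reply goes to the claimed source
    return sent, in_flight is not None

if __name__ == "__main__":
    print("both vulnerable:", simulate(Service("A"), Service("B")))
    print("B hardened:     ", simulate(Service("A"), Service("B", reply_to_errors=False)))
    print("A rate-limited: ", simulate(Service("A", error_budget=3), Service("B")))
```

Only the pair in which both services answer errors with errors exhausts the simulation budget; changing the behaviour of one endpoint is enough to make the exchange die out.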
Gear and software from Arris, Broadcom, Microsoft, Honeywell, Brother, and MikroTik are said to be among those vulnerable to Loop DoS. In addition, products that have gone out of support from Cisco, TP-Link, and Zyxel are understood to be at risk.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/24/loop_ip_vulnerable/