Search Here

A new Zero-day Distributed Denial of Service (DDoS) attack vector has been discovered by a US security firm. This victor has the potential to make botnets like Mirai which are 55 times more powerful than they already are.

Corero Network Security a Massachusetts-based DDoS mitigation provider has made a discovery of new amplification attack making use of Lightweight Directory Access Protocol (LDAP)

LDAP is a commonly used protocol which helps in assessing usernames and passwords from the database which is integrated into most web services.

The vector was used for extremely powerful attacks, against the customers last week. Though the attack is not too far there is an amplification factor in the vector making the existing botnets 55 times more lethal.

The hacker just sends a query to the venerable reflector which supports connectionless LDAP service. It seems as if the query has originated from the victim the hacker is wishing to target.

The hacker gets a response from CLDAP because of the spoofed address. In return, CLDAP sends a large amount of unwanted traffic to the victim. The hackers capitalize on this as the responses are capable of reaching high bandwidth.

Such attacks occur because of open services available on the internet and these respond to spoofed record queries.

The only solution is hiring the services of an authentic service provider. You can identify the spoofed IP addresses before such requests are admitted to the network. Ingress filtering techniques can be employed during router configuration to eliminate spoofed IP address.

If compared to other methods like botnets of Internet of Things the attacks would reach unimaginable scale and the impact shall be far reaching. This can make many popular sites go offline which has already happened in US and UK

Automated mitigating techniques are the only effective defense against the DDoS attack Victor. Otherwise, there can be devastating meltdown in the internet world.