LinuxQuestions.org


tronayne 08-21-2015 07:03 AM

US-CERT Alert (TA14-017A) UDP-Based Amplification Attack
 
Original release date: January 17, 2014 | Last revised: August 19, 2015

Systems Affected

Certain UDP protocols have been identified as potential attack vectors:
  • DNS
  • NTP
  • SNMPv2
  • NetBIOS
  • SSDP
  • CharGEN
  • QOTD
  • BitTorrent
  • Kad
  • Quake Network Protocol
  • Steam Protocol
  • RIPv1
  • Multicast DNS (mDNS)
  • Portmap

Overview

A Distributed Reflective Denial of Service (DRDoS) attack is a form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible UDP servers, as well as bandwidth amplification factors, to overwhelm a victim system with UDP traffic.

See https://www.us-cert.gov/ncas/alerts/TA14-017A for the complete Description, Impact, Solution (Detection, Mitigation) and References.

Hope this helps some.
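
A local check for the exposure the alert describes, added here as an example (not part of the original post or of the US-CERT alert): it reads `ss -H -uln` output and flags non-loopback UDP listeners on the well-known ports of the fixed-port protocols in the list above. The function name `flag_udp_listeners` and the sample lines are constructed for this example; BitTorrent, Kad, Quake and Steam are left out because their ports vary by configuration.

```shell
#!/bin/sh
# Added example: flag UDP listeners for protocols named in TA14-017A.
# Input format: `ss -H -uln` lines. Assumption: -p is not used, so the
# local address:port is the second-to-last field on every line.

flag_udp_listeners() {
    awk '
    BEGIN {
        # Well-known ports for the fixed-port protocols in the alert list.
        p[17]="QOTD"; p[19]="CharGEN"; p[53]="DNS"; p[111]="Portmap"
        p[123]="NTP"; p[137]="NetBIOS"; p[161]="SNMP"; p[520]="RIPv1"
        p[1900]="SSDP"; p[5353]="mDNS"
    }
    NF >= 2 {
        la = $(NF-1)
        n = match(la, /:[0-9]+$/)        # port follows the last colon
        if (n == 0) next
        port = substr(la, n + 1)
        addr = substr(la, 1, n - 1)
        # A loopback-only listener is not reachable by remote requests.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port in p) printf "%s %s/udp %s\n", p[port], port, addr
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*
UNCONN 0 0 192.0.2.10:161 0.0.0.0:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | flag_udp_listeners
```

On a live host, run `ss -H -uln | flag_udp_listeners`. A flagged line only means the service is bound to a non-loopback address; whether it is reachable from the Internet still depends on the firewall in front of it.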

