DDoSers are abusing Microsoft RDP to make attacks more powerful

23/01/2021


DDoS-for-hire services are abusing the Microsoft Remote Desktop Protocol to increase the firepower of distributed denial-of-service attacks that paralyze websites and other online services, a security firm said this week.

Typically abbreviated as RDP, Remote Desktop Protocol is the underpinning for a Microsoft Windows feature that allows one device to log into another device over the Internet. RDP is mostly used by businesses to save employees the cost or hassle of having to be physically present when accessing a computer.

As is typical with many authenticated systems, RDP responds to login requests with a much longer sequence of bits that establish a connection between the two parties. So-called booter/stresser services, which for a fee will bombard Internet addresses with enough data to take them offline, have recently embraced RDP as a means to amplify their attacks, security firm Netscout said.

The amplification allows attackers with only modest resources to increase the volume of data they direct at targets. The technique works by bouncing a relatively small amount of data off the amplifying service, which in turn reflects a much larger amount of data at the final target. With an amplification factor of 85.9 to 1, 10 gigabytes-per-second of requests directed at an RDP server will deliver roughly 860Gbps to the target.

“Observed attack sizes range from ~20 Gbps – ~750 Gbps,” Netscout researchers wrote. “As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, RDP reflection/amplification has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population.”


DDoS amplification attacks date back decades. As legitimate Internet users collectively block one vector, attackers find new ones to take their place. DDoS amplifiers have included open DNS resolvers, the WS-Discovery protocol used by IoT devices, and the Internet’s Network Time Protocol. One of the most powerful amplification vectors in recent memory is the so-called memcached protocol, which has an amplification factor of 51,000 to 1.

DDoS amplification attacks work by using UDP network packets, which are easily spoofable on many networks. An attacker sends the vector a request and spoofs the headers to give the appearance the request came from the target. The amplification vector then sends the response to the target whose address appears in the spoofed packets.

There are about 33,000 RDP servers on the Internet that can be abused in amplification attacks, Netscout said. Besides using UDP packets, RDP can also rely on TCP packets.

Netscout recommended that RDP servers be accessible only over virtual private network services. In the event RDP servers offering remote access over UDP can’t be immediately moved behind VPN concentrators, administrators should disable RDP over UDP as an interim measure.

Besides harming the Internet as a whole, unsecured RDP can be a hazard to the organizations that expose it to the Internet.

“The collateral impact of RDP reflection/amplification attacks is potentially quite high for organizations whose Windows RDP servers are abused as reflectors/amplifiers,” Netscout explained. “This may include partial or full interruption of mission-critical remote-access services, as well as additional service disruption due to transit capacity consumption, state-table exhaustion of stateful firewalls, load balancers, etc.”
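
For administrators who want to check whether one of their own RDP servers is being used as a reflector, the sketch below scans flow records for the lopsided UDP pattern described above. It is an added example, not code from Netscout or from this article; the default RDP port 3389, the flow-tuple layout, the thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

RDP_PORT = 3389  # default RDP port (assumption; the article does not name it)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Ordinary RDP-over-UDP session: modest volume in both directions
    ("198.51.100.7", 50211, "192.0.2.10", 3389, "udp", 48_000),
    ("192.0.2.10", 3389, "198.51.100.7", 50211, "udp", 95_000),
    # Reflection pattern: small requests "from" one address, huge replies to it
    ("203.0.113.50", 4444, "192.0.2.10", 3389, "udp", 12_000),
    ("192.0.2.10", 3389, "203.0.113.50", 4444, "udp", 1_030_800),
    # RDP over TCP: ignored, since the spoofing described relies on UDP
    ("198.51.100.9", 50300, "192.0.2.10", 3389, "tcp", 10_000),
    ("192.0.2.10", 3389, "198.51.100.9", 50300, "tcp", 900_000),
]


def find_reflected_pairs(flows, min_ratio=20.0, min_bytes_out=500_000):
    """Return sorted (server, remote, out/in ratio) for suspicious UDP RDP pairs.

    min_ratio and min_bytes_out are illustrative thresholds, not vendor guidance.
    """
    bytes_in = defaultdict(int)   # (server, remote) -> bytes received on UDP/3389
    bytes_out = defaultdict(int)  # (server, remote) -> bytes sent from UDP/3389
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == RDP_PORT:
            bytes_in[(dst, src)] += nbytes
        elif sport == RDP_PORT:
            bytes_out[(src, dst)] += nbytes
    findings = []
    for pair, out in bytes_out.items():
        if out < min_bytes_out:
            continue  # too little traffic to matter
        inbound = bytes_in.get(pair, 0)
        # Replies with no visible requests (asymmetric capture) count as infinite
        ratio = out / inbound if inbound else float("inf")
        if ratio >= min_ratio:
            findings.append((pair[0], pair[1], round(ratio, 1)))
    return sorted(findings)


if __name__ == "__main__":
    for server, remote, ratio in find_reflected_pairs(SAMPLE_FLOWS):
        print(f"{server} -> {remote}: UDP/{RDP_PORT} out/in ratio {ratio}")
```

A hit means the server is sending far more UDP data to one address than it received from it, which is the signal to apply the VPN or disable-UDP measures Netscout recommends.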
