lecture: Masked reflected DDoS attacks, and how to protect against them
Some attacks go unchanged for years, and a great example for this is reflected DDoS attacks. The idea is simple, and they’ve been carried out for decades, but despite their large volume, the attacks are usually quite easy to mitigate. However, once you add a twist to those attacks, you augment them, and make them harder to protect against.
Reflected DDoS vectors have been used for decades as a shortcut to launch large volume attacks without a need for equally large botnet resources. For unprotected targets these attacks will always be bad news, but from a mitigation point of view these attacks resemble a diminishing threat due to bandwidth no longer being a concern to most mitigation providers, and how easily these attacks can be detected and differentiated from valid traffic.
Network protocols that are being abused as reflected DDoS vectors typically follow a specific well known pattern, making life easy for both attacker and DDoS mitigator, but DDoS attacks seen in the wild seem to challenge this perspective.
In this session, we’ll describe in detail the UPnP protocol faults and demonstrate a DDoS attack that leverages UPnP devices to evade common protection techniques. Then, we’ll recommend our approach to handle these attacks.
Start time: 17:00