Post by account_disabled on Mar 5, 2024 6:32:18 GMT
The protocol and allows the NTP server to be queried for the last hosts (monlist) that have connected to the server. With a spoofed IP address, it is sufficient to repeatedly send a simple "get monlist" request to the server and force the server to send hundreds of responses. This is precisely why the amplification factor of the NTP protocol is so high. Almost as often as NTP, the SSDP protocol (in . % of cases), which is used to connect devices in the network and is part of the UPnP (Universal Plug and Play) architecture, was abused for the purposes of DDoS attacks.
It is used, for example, when a computer communicates with printers, smartphones, speakers, etc. Through the protocol, devices exchange information with each other, for example about their existence and functions. The stumbling block is the abuse of the openly available "search" command: when the device receives it, it responds with a list of all its functionalities and options. It is enough to send requests to the device with a fake IP address, while the victim's server will receive responses in the form of these enumerations, the volume of which significantly exceeds the size of the requests.
This amplifies the attack. CLDAP is an alternative to LDAP. It serves to mediate access to shared Internet directories. If CLDAP is misconfigured, an attacker can flood the server with requests for directory information from a spoofed IP address, similar to the previous cases. The abuse of memcached servers, which are supposed to help from the load by storing frequently used data in dynamic memory, works in a very similar way. With a bad setting, the amplification factor can reach up to , times.
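Seen from the receiving network, the reflection pattern described above shows up as UDP replies from the NTP, SSDP, CLDAP or memcached service ports that the target never requested. The sketch below is an added example, not part of the original post; the flow-record layout, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP service ports of the four protocols named in the post.
REFLECTION_PORTS = {123: "NTP", 1900: "SSDP", 389: "CLDAP", 11211: "memcached"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = (
    # Four NTP servers send large replies to a host that never queried them.
    [(f"198.51.100.{i}", 123, "203.0.113.10", 40000 + i, "udp", 4000)
     for i in range(1, 5)]
    + [
        # Ordinary NTP exchange: a request followed by its matching reply.
        ("203.0.113.20", 51000, "192.0.2.5", 123, "udp", 76),
        ("192.0.2.5", 123, "203.0.113.20", 51000, "udp", 76),
        # One unsolicited memcached reply from a single source.
        ("198.51.100.9", 11211, "203.0.113.20", 52000, "udp", 50000),
    ]
)


def find_reflection_targets(flows, min_reflectors=3, min_bytes=10_000):
    """Return {(target_ip, protocol): (reflector_count, total_bytes)}.

    A reply counts only if the target sent no request to that server and port
    within the observed flows, which is what spoofed-source reflection looks
    like at the target's network border.
    """
    flows = list(flows)
    requested = {
        (src, dst, dport)
        for src, _, dst, dport, proto, _ in flows
        if proto == "udp" and dport in REFLECTION_PORTS
    }
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, _, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTION_PORTS:
            continue
        if (dst, src, sport) in requested:
            continue  # solicited reply, normal client traffic
        key = (dst, REFLECTION_PORTS[sport])
        reflectors[key].add(src)
        volume[key] += nbytes
    return {
        key: (len(reflectors[key]), volume[key])
        for key in reflectors
        if len(reflectors[key]) >= min_reflectors and volume[key] >= min_bytes
    }


if __name__ == "__main__":
    for (target, name), (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{target}: {total} bytes of unsolicited {name} replies from {count} servers")
```

The thresholds need tuning to the link size; lowering `min_reflectors` to 1 also surfaces the single-source memcached reply in the sample data.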