DDoS Protection , Security Operations

Denial-of-Service Attack Could Put Servers in Perpetual Loop

Researchers Spot Vulnerability in Application-Layer Communication Protocol
Denial-of-Service Attack Could Put Servers in Perpetual Loop
Image: Shutterstock

A new type of denial-of-service threat can disrupt an estimated 300,000 internet hosts that are at risk of exploitation.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

This novel threat targets the network application layer with the User Datagram Protocol - a connectionless protocol commonly found in many internet-based applications. The attack exploit entangle two servers in a perpetual communication loop, overwhelming networks with traffic and rendering systems unresponsive, according to researchers at the CISPA Helmholtz Center for Information Security.

The loop DoS vulnerability, tracked as CVE-2024-2169, involves exploiting the UDP in application-layer protocols to create the communication loop, which can lead to service instability, network outages and amplification of DoS attacks.

The CISPA report says the affected UDP-based application protocols include DNS, NTP, TFTP, Echo - RFC862, Chargen - RFC864, and QOTD - RFC865).

Jason Kent, hacker in residence at Cequence Security, warned such an attack could trigger cascading system failures. He advised transitioning to TCP-based communication with robust authentication and monitoring capabilities to mitigate this threat effectively.

CISPA researchers Yepeng Pan and Christian Rossow said that the attack's simplicity belies its destructive potential, as even a single spoofing-capable host can trigger a loop between vulnerable servers.

There is no evidence of the vulnerability being weaponized in real-world scenarios, but researchers identified numerous products from Broadcom, Cisco, Honeywell, Microsoft, MikroTik and Zyxel that are vulnerable to the attack.

Overload of Vulnerable Services

The Carnegie Mellon University CERT Coordination Center said exploitation of this vulnerability, in addition to overwhelming services with excess traffic, could also cause a denial-of-service attack on the network backbone that could easily spread to connected networks and act as an amplification mechanism to intensify the impact of a cyberattack.

Carnegie Mellon CERT advised network administrators to deploy available techniques such as Unicast Reverse Path Forwarding to prevent IP spoofing and protect internet-facing resources.

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.