New DDoS Amplification Vector WS Discovery Protocol
A new attack vector was identified in the first half of 2019. Attackers have been abusing the Web Services Discovery (WS-Discovery, WS-DD or WSD) protocol since the middle of the year.* It is a multicast discovery protocol for locating LAN services. Communication is carried out using SOAP via UDP on the source port 3702. The standard was published in 2005.
As of October 2019, the new vector already seems to have become a well-established tool for DDoS criminals and booter services. During the aggressive and high-volume DDoS attacks in the name of Fancy Bear, WS Discovery was repeatedly registered as a reflection vector.
The amplification method has the potential to cause major damage.The resulting amplification factor can peak at up to 100 times the original attack. For comparison: DNS has an amplification factor of 28 to 54, CLDAP of 56 to 70. Previously registered attacks using WSD have achieved bandwidth peaks of over 100 Gbps.
Hundreds of thousands of IP addresses with WS Discovery services worldwide, such as cameras and printers, are unprotected and can be misused for attacks. To minimize the security risk, the LSOC recommends disabling the WSD protocol and blocking it in Windows Firewall.
This is not the first time that DDoS attackers have rediscovered established, long-standing protocols. Attackers constantly identify new vulnerabilities and open services that can be misused for overload attacks. Recent Memcached and CLDAP attacks have shown that IT administrators are constantly faced with new attack techniques.
* zero.bs: New DDoS Attack-Vector via WS-Discovery/SOAPoverUDP, Port 3702, 16.08.2019
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
What makes Link11’s DDoS protection solution so unique? The answer lies in the AI based filter technology. Watch th…
0 Retweets 0Read More
Digital advances are recreating global business through ongoing advances in artificial intelligence, the Internet o…
1 Retweets 1Read More
RT @MarcWilczek: Why Cyber-Risk Is a C-Suite Issue Organizations realize the scale of cyber-risk but lack counter-actions to build resilie…
3 Retweets 0
‘It’s not if, but when’ is a long-established trope in the world of cybersecurity, warning organizations that no ma…
5 Retweets 1Read More
RT @MarcWilczek: Five Key Cyber-Attack Trends for This Year The potential scale and scope of distributed denial of service (DDoS) attacks…
4 Retweets 0