New DDoS Amplification Vector WS Discovery Protocol
A new attack vector was identified in the first half of 2019. Attackers have been abusing the Web Services Discovery (WS-Discovery, WS-DD or WSD) protocol since the middle of the year.* It is a multicast discovery protocol for locating LAN services. Communication is carried out using SOAP via UDP on the source port 3702. The standard was published in 2005.
As of October 2019, the new vector already seems to have become a well-established tool for DDoS criminals and booter services. During the aggressive and high-volume DDoS attacks in the name of Fancy Bear, WS Discovery was repeatedly registered as a reflection vector.
The amplification method has the potential to cause major damage.The resulting amplification factor can peak at up to 100 times the original attack. For comparison: DNS has an amplification factor of 28 to 54, CLDAP of 56 to 70. Previously registered attacks using WSD have achieved bandwidth peaks of over 100 Gbps.
Hundreds of thousands of IP addresses with WS Discovery services worldwide, such as cameras and printers, are unprotected and can be misused for attacks. To minimize the security risk, the LSOC recommends disabling the WSD protocol and blocking it in Windows Firewall.
This is not the first time that DDoS attackers have rediscovered established, long-standing protocols. Attackers constantly identify new vulnerabilities and open services that can be misused for overload attacks. Recent Memcached and CLDAP attacks have shown that IT administrators are constantly faced with new attack techniques.
* zero.bs: New DDoS Attack-Vector via WS-Discovery/SOAPoverUDP, Port 3702, 16.08.2019
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
The German BKA has published the Cybercrime Report 2020: ➡️ In 2020, 108,474 cyber-crime cases were recorded by the…
1 Retweets 2Read More
"More than 80% of U.S. companies have been successfully hacked, according to Duke University." But the article als…
0 Retweets 1Read More
📅 Do not forget the exciting date for tomorrow!
0 Retweets 0Read More
Our new DDoS report Q1 2021 is out now! 💡 Link11's IT security experts summarise the status and the most significa…
3 Retweets 3Read More
It might seem ironic, but its a good example showing nobody is safe. Better keep your cybersecurity & DDoS protecti…
3 Retweets 4Read More
Article is already a few days old but still highly interesting: Water utilities must strengthen their…
2 Retweets 0Read More