"Researchers Show How Censorship Systems Can Be Abused for DDoS Amplification"

Researchers from the University of Maryland and the University of Colorado Boulder have identified a new Distributed Denial-of-Service (DDoS) attack vector over TCP that achieves reflected amplification at levels previously unseen. The HTTP-based reflected amplification attack abuses misconfigured network middleboxes and censorship systems, including devices that enable infinite amplification. The researchers say these attacks can yield more amplification than existing UDP-based attacks, and their results show that censorship infrastructure poses a greater threat to the broader Internet than previously understood. The technique also allows firewalls and intrusion prevention systems deployed within non-censoring nation-states to be weaponized.

The technique uses TCP despite the three-way handshake, which normally protects TCP applications from being used as amplifiers: a request with a spoofed source address cannot complete the handshake, so a conforming TCP endpoint never sends application data in reply to it. According to the researchers, the attack works because many network middleboxes do not conform to the TCP standard, which presents an opportunity for abuse. They found many censorship middleboxes that respond to a censored request with a large block page even when there is no valid TCP connection or handshake, so these devices can be weaponized and abused for DDoS amplification.

The team identified several attack variants: normal TCP reflection, middlebox reflection, combined destination and middlebox reflection, victim-sustained reflection, and others. They also found that routing loops and victim-sustained reflection produce infinite amplification. This article continues to discuss the potential abuse of censorship systems for DDoS amplification.
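The non-conformance described above has a simple network-visible signature: TCP segments carrying application data in a flow for which no SYN / SYN-ACK / ACK exchange was ever observed. The following Python is an added example, not code from the researchers or from Security Week, of the flow-state check a sensor could apply to spot such handshake-less replies and report the byte ratio between what was sent to the responder and what came back. All packet records, addresses and sizes are constructed for the demo; the attack traffic is modelled as one spoofed request followed by three block-page segments, plus a victim-side view in which only the replies are visible.

```python
"""Flag TCP data replies that arrive in flows with no completed three-way handshake.

Added example; not code from the University of Maryland / Colorado Boulder team
or from Security Week. Packet records below are constructed sample input.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10

Endpoint = Tuple[str, int]
FlowKey = Tuple[Endpoint, Endpoint]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    size: int          # bytes on the wire (IP + TCP headers + payload)
    payload: int = 0   # TCP payload bytes


@dataclass
class Flow:
    syn_from: Optional[Endpoint] = None        # side that sent a bare SYN
    synack_from: Optional[Endpoint] = None     # side that answered with SYN-ACK
    established: bool = False                  # third leg of the handshake seen
    first_data_from: Optional[Endpoint] = None
    bytes: Dict[Endpoint, int] = field(default_factory=dict)
    payload: Dict[Endpoint, int] = field(default_factory=dict)


@dataclass(frozen=True)
class Alert:
    responder: Endpoint   # side that sent data without a handshake
    initiator: Endpoint   # side whose address received that data
    bytes_in: int         # bytes from the responder
    bytes_out: int        # bytes sent toward the responder (0 if never seen)
    factor: float         # bytes_in / bytes_out; inf when no request was seen


def _key(p: Packet) -> FlowKey:
    """Canonical 4-tuple so both directions map to one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def track(packets: List[Packet]) -> Dict[FlowKey, Flow]:
    """Replay packets and record handshake state plus per-side byte counts."""
    flows: Dict[FlowKey, Flow] = {}
    for p in packets:
        src, dst = (p.src, p.sport), (p.dst, p.dport)
        f = flows.setdefault(_key(p), Flow())
        f.bytes[src] = f.bytes.get(src, 0) + p.size
        if p.payload:
            f.payload[src] = f.payload.get(src, 0) + p.payload
            if f.first_data_from is None:
                f.first_data_from = src
        if p.flags & SYN and not p.flags & ACK:
            f.syn_from = src
        elif p.flags & SYN and p.flags & ACK and f.syn_from == dst:
            f.synack_from = src
        elif p.flags & ACK and not p.flags & SYN and f.syn_from == src and f.synack_from == dst:
            f.established = True
    return flows


def _responder(f: Flow) -> Optional[Endpoint]:
    """In a non-established flow, the responder is the side that sent payload
    without ever sending a SYN; if both sides sent payload, the one that did
    not speak first (the reply side)."""
    cands = [e for e, n in f.payload.items() if n > 0 and e != f.syn_from]
    if len(cands) == 2 and f.first_data_from in cands:
        cands.remove(f.first_data_from)
    return cands[0] if len(cands) == 1 else None


def handshakeless_replies(packets: List[Packet]) -> List[Alert]:
    """Return one Alert per flow that carried reply data with no handshake."""
    alerts: List[Alert] = []
    for (a, b), f in track(packets).items():
        if f.established:
            continue
        responder = _responder(f)
        if responder is None:
            continue
        initiator = a if responder == b else b
        bytes_in, bytes_out = f.bytes.get(responder, 0), f.bytes.get(initiator, 0)
        factor = bytes_in / bytes_out if bytes_out else float("inf")
        alerts.append(Alert(responder, initiator, bytes_in, bytes_out, factor))
    return alerts


# Constructed sample traffic (not a real capture). Addresses are documentation /
# private ranges; sizes are plausible Ethernet-MTU values.
C, S = "10.0.0.5", "93.184.216.34"          # legitimate client / web server
V, M = "198.51.100.7", "203.0.113.9"        # spoofed victim address / middlebox
SAMPLE: List[Packet] = [
    # 1) ordinary connection: full handshake, then a request and a reply
    Packet(C, 40000, S, 80, SYN, 60),
    Packet(S, 80, C, 40000, SYN | ACK, 60),
    Packet(C, 40000, S, 80, ACK, 52),
    Packet(C, 40000, S, 80, PSH | ACK, 150, 98),
    Packet(S, 80, C, 40000, PSH | ACK, 1500, 1448),
    Packet(C, 40000, S, 80, ACK, 52),
    # 2) reflected request: one spoofed PSH|ACK carrying a forbidden HTTP request,
    #    answered by three block-page segments although no handshake took place
    Packet(V, 4444, M, 80, PSH | ACK, 132, 80),
    Packet(M, 80, V, 4444, PSH | ACK, 1500, 1448),
    Packet(M, 80, V, 4444, PSH | ACK, 1500, 1448),
    Packet(M, 80, V, 4444, PSH | ACK, 1500, 1448),
    # 3) victim-side view: only the unsolicited replies are visible
    Packet(M, 80, V, 5555, PSH | ACK, 1500, 1448),
    Packet(M, 80, V, 5555, PSH | ACK, 1500, 1448),
]

if __name__ == "__main__":
    for al in handshakeless_replies(SAMPLE):
        print(f"{al.responder} -> {al.initiator}: {al.bytes_in} B in, "
              f"{al.bytes_out} B out, factor {al.factor:.1f}")
```

Two caveats a practitioner would add before deploying this: a flow whose handshake predates the start of capture, or whose other direction is routed past the sensor, also looks handshake-less, so a production rule should only score flows first seen after capture began and seen from both directions where possible. The `inf` factor for the victim-side case is deliberate: from the victim's vantage point the request was never sent, and the ratio of received to sent bytes is unbounded, which is also how the page's "infinite amplification" variants present themselves to the target.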

Security Week reports "Researchers Show How Censorship Systems Can Be Abused for DDoS Amplification"
