‘Lock down UPnP routers,’ researchers say.
A new DDoS technique is adding a new twist to this common threat and upping the chance that an attack will have an impact on business operations. The new attack leverages a known vulnerability in Universal Plug and Play (UPnP) to get around many of the current defense techniques and swamp a target’s network and servers.
The basis of the attack is a DNS amplification technique that bounces a DNS query response to the victim based on a spoofed requester address. In this new DDoS approach, though – detailed by researchers at Imperva – the attack mechanism is a UPnP router that is happy to forward requests from one external source to another (in violation of UPnP behavior rules).