A new distributed denial of service (DDoS) threat advisory was released yesterday by Prolexic Security Engineering & Response Team (PLXsert) of Akamai Technologies. The attacks identified in the advisory are particularly malicious since they target and abuse Simple Network Management Protocol (SNMP), which has recently seen a significant resurgence in use.
SNMP protocol—implemented for commonly supported devices such as printers, switches, firewalls and routers—uses the network to store data, such as IP addresses, thereby exposing a vulnerability that allows attackers to create massive amounts of malevolent traffic to networked devices, sending stored data all at once to a target, overwhelming its resources.
Tom Cross, director of security research for Lancope, in response to the Akamai findings, warned: “It's important that people do not allow their networks to serve as reflectors that attackers can use to amplify their denial of service attacks. To that end, DNS, SNMP, NTP, and Voice over IP services in particular should be checked to make sure that they cannot be used by an anonymous third party as a reflector. Locking down these services is part of being a good citizen of the Internet.”