Adrian McEwen @amcewen@mastodon.me.uk

Hmm. Spent a chunk of today working out that a client's CoAP server was being used as an amplification service as part of a DDoS network 😞

The server wasn't (AFAICT) compromised, just being used to turn ~60 byte attack packets into ~540 byte attack packets, as well as presumably spreading out the attacking traffic's route through the Internet.

https://www.ietf.org/archive/id/draft-mattsson-t2trg-amplification-attacks-01.html goes into more depth, if anyone wants further background.

www.ietf.org
Amplification Attacks Using the Constrained Application Protocol (CoAP)
Protecting Internet of Things (IoT) devices against attacks is not enough. IoT deployments need to make sure that they are not used for Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are typically done with compromised devices or with amplification attacks using a spoofed source address. This document gives examples of different theoretical amplification attacks using the Constrained Application Protocol (CoAP). The goal with this document is to raise awareness and to motivate generic and protocol-specific recommendations on the usage of CoAP. Some of the discussed attacks can be mitigated by not using NoSec or by using the Echo option.

#CoAP #security #DDoS
Jul 02, 2024, 01:49 PM·Public·Web
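
The linked draft's summary says some of these attacks can be mitigated with the Echo option (RFC 9175). A sketch of that idea, added here as an example and not part of the original post or the draft: the server answers an unverified source with a small 4.01 challenge and sends the large response only once the same address returns a fresh Echo value. The key handling, 30-second window, payload size and function names are assumptions, and this models the decision logic only, not CoAP wire encoding.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import struct

# Assumed values for this sketch; tune for a real deployment.
SERVER_KEY = os.urandom(32)   # per-boot secret, never sent on the wire
FRESHNESS_SECONDS = 30        # how long an issued Echo value stays acceptable
BIG_PAYLOAD = b"x" * 500      # stands in for a large resource representation


def make_echo(src_ip: str, now: float, key: bytes = SERVER_KEY) -> bytes:
    """Echo value = 8-byte timestamp || truncated HMAC over (timestamp, source IP)."""
    ts = struct.pack("!Q", int(now))
    mac = hmac.new(key, ts + src_ip.encode(), hashlib.sha256).digest()[:16]
    return ts + mac           # 24 bytes, inside the option's 1-40 byte limit


def echo_is_fresh(src_ip: str, echo: bytes, now: float, key: bytes = SERVER_KEY) -> bool:
    """True only if this server issued the value to this address recently."""
    if len(echo) != 24:
        return False
    ts, mac = echo[:8], echo[8:]
    expected = hmac.new(key, ts + src_ip.encode(), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(mac, expected):
        return False          # forged, or issued to a different source address
    age = int(now) - struct.unpack("!Q", ts)[0]
    return 0 <= age <= FRESHNESS_SECONDS


def handle_get(src_ip: str, echo: bytes | None, now: float) -> tuple[str, bytes]:
    """Return (response code, bytes sent back) for an unauthenticated GET."""
    if echo is not None and echo_is_fresh(src_ip, echo, now):
        return "2.05", BIG_PAYLOAD   # the address proved it receives our replies
    # Unverified source: send a small challenge instead of the resource, so a
    # spoofed request cannot be turned into a large reply to a third party.
    return "4.01", make_echo(src_ip, now)
```

Because the Echo value is bound to the source address, a value issued to one address is rejected when presented from another, and the server keeps no per-client state.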