Meet the Microsoft servers that have been fueling massive DDoSes for months

News Summary

  • Also known as amplification attacks, these reflection techniques allow record-breaking DDoSes to be delivered by the tiniest of botnets. Over the past year, a growing source of reflection attacks has been the Connectionless Lightweight Directory Access Protocol.
  • Targets—be they game companies, journalists, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle. Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents.
  • Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties.
  • But on the open Internet, all UDP services are vulnerable to reflection.” DDoSers have been using it since at least 2017 to magnify data torrents by a factor of 56 to 70, making it among the more powerful reflectors available.
  • When CLDAP reflection was first discovered, the number of servers exposing the service to the Internet was in the tens of thousands.
  • Since 2020, however, the number has once again climbed, with a 60-percent spike in the past 12 months alone, according to Black Lotus Labs. The researcher went on to profile four of those servers.

A small retail business in North Africa; a North American telecommunications provider; two separate religious organizations. What do they all have in common? They're al [+3926 chars]