*600,000 TFTP Servers Can Be Abused for Reflection DDoS Attacks*

  • Reflective TFTP DDoS attack vector is now a reality

    The first weaponised attack script started circulating days after the publication of a study 2 months ago, which warned that 600,000 TFTP servers could be exploited for reflective DDoS attacks.
    (http://seenthis.net/messages/473596)

    http://news.softpedia.com/news/ddos-attacks-via-tftp-protocol-become-a-reality-after-research-goes-

    Akamai SIRT, the company’s security team, says its engineers have detected at least ten DDoS attacks since April 20, 2016, during which the crooks abused Internet-exposed TFTP servers to reflect traffic

    First instances of TFTP reflection DDoS attacks fail to impress

    the attack wasn’t pure, it never reached huge statistical measurements. Akamai reports the peak bandwidth was 1.2 Gbps, and the peak packet volume was 176,400 packets per second. These are considered low values for DDoS attacks, but enough to consume the target’s bandwidth.

    The crooks seem to have misconfigured the attack script

    In the attacks it detected, Akamai says the crooks neglected to set the attacked port value, and their script sent out traffic to random ports on the target’s server.

    Akamai warns organizations to secure their TFTP servers by placing these servers behind a firewall. Since the 25-year-old TFTP protocol doesn’t support modern authentication methods, there is no good reason to have these types of servers exposed to the Internet.

    #DDoS
    #TFTP
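
For defenders on the receiving end, the pattern described above (TFTP replies from many exposed servers arriving on random destination ports) can be looked for in captured UDP traffic. The following is an added example, not code from Akamai or the quoted article; the function names, thresholds, packet tuple layout and sample addresses are assumptions constructed for illustration, and it assumes the default 512-byte TFTP block size from RFC 1350.

```python
import struct
from collections import defaultdict

# TFTP opcodes from RFC 1350: a server answering a request replies with DATA or ERROR.
TFTP_DATA, TFTP_ERROR = 3, 5


def tftp_reply_opcode(payload: bytes):
    """Return 3 or 5 if the UDP payload is shaped like a TFTP DATA/ERROR packet, else None."""
    if len(payload) < 4:
        return None
    opcode, second = struct.unpack("!HH", payload[:4])
    # DATA: 2-byte opcode, 2-byte block number, at most 512 data bytes (default block size).
    if opcode == TFTP_DATA and len(payload) <= 4 + 512:
        return opcode
    # ERROR: 2-byte opcode, error code 0-7, NUL-terminated message.
    if opcode == TFTP_ERROR and second <= 7 and payload.endswith(b"\x00"):
        return opcode
    return None


def find_reflection_targets(packets, min_sources=3, min_ports=3):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload) tuples.

    Returns {dst_ip: (distinct_sources, distinct_dst_ports)} for hosts that receive
    TFTP-shaped replies from many servers spread over many ports.
    The thresholds are illustrative assumptions, not values from the article.
    """
    sources, ports = defaultdict(set), defaultdict(set)
    for src, dst, dport, payload in packets:
        if tftp_reply_opcode(payload) is not None:
            sources[dst].add(src)
            ports[dst].add(dport)
    return {dst: (len(sources[dst]), len(ports[dst]))
            for dst in sources
            if len(sources[dst]) >= min_sources and len(ports[dst]) >= min_ports}


# Constructed sample traffic (documentation address ranges, not real observations).
DATA = struct.pack("!HH", TFTP_DATA, 1) + b"A" * 512
ERR = struct.pack("!HH", TFTP_ERROR, 1) + b"File not found\x00"
SAMPLE = [
    ("198.51.100.10", "203.0.113.5", 41022, DATA),
    ("198.51.100.11", "203.0.113.5", 1837, ERR),
    ("198.51.100.12", "203.0.113.5", 60211, DATA),
    ("198.51.100.10", "203.0.113.5", 5523, DATA),
    ("192.0.2.7", "203.0.113.9", 53001, b"\x12\x34\x81\x80" + b"\x00" * 20),  # not TFTP-shaped
    ("192.0.2.8", "203.0.113.9", 50000, DATA),  # one server, one port: an ordinary transfer
]

if __name__ == "__main__":
    print(find_reflection_targets(SAMPLE))
```

A hit only says the traffic is TFTP-shaped and widely sourced; a host that runs legitimate TFTP transfers with many peers would need its own allowlist before alerting on this.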