Trivial path for DDoS amplification attacks found by infosec bods

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have …

  1. Pseudonymous Diehard

    Can't read the full research

    There appears to be a paywall.

    From what I can see it looks like they simply established that TFTP ports might be open and that might allow an attack.

    Realistically though the threat is elsewhere. I'd imagine a lot of these TFTP-enabled devices can easily be fingerprinted and are likely to be routers / switches / WAPs etc.

    Or even more worryingly...phone systems...or indeed phone handsets.

    More worrying still is the fact that TFTP is usually off by default on a lot of stuff and only gets enabled when maintenance or firmware updates are required.

    Forget the DDoS threat...what about malicious firmware upgrades?

    I doubt the majority are actual TFTP servers since most of us only fire up a TFTP server when we need it...right?

  2. Lee D Silver badge

    Doh.

    If you're exposing TFTP to the world (unencrypted, possibly unauthenticated, etc.), the problem is NOT a TFTP amplification attack.

    It's you, and your insecure systems.

    Sometimes I wish that the things that my old ISP used to do (probe port 139 of your connection and if it was open, turn off your Internet connection until you agree to take responsibility for it on an intercepted web page message), should be applied to EVERYTHING like this that has a port accessible to the world.

    1. Dan Wilkie

      Based on the number of exposed Telnet connections I've seen on, for example, Cisco devices (on default credentials even...) - this comes as no great surprise...

    2. pklausner

      Is there such a thing as authenticated or encrypted TFTP?

      I don't think so... https://en.wikipedia.org/wiki/Tftp

      1. Lee D Silver badge

        Re: Is there such a thing as authenticated or encrypted TFTP?

        I said the same to myself about telnet at one point.

        Who the hell knew that telnet has a standard - but rubbish - encryption scheme as an option somewhere in its official protocol description? I certainly didn't until I read about it.

  3. Tom 13

    Re: unable to point to specific examples of DDoS attacks based on TFTP.

    Well, now that they've published the paper, give it a week.

  4. Alistair

    TFTP "authentication" scheme.

    The only one I can think of is MAC assignments. With a couple of older tablet/ereader type critters it allowed me to do firmware updates over the wifi.

    Pointed at the interwebz?

    *blinkblink*

    f@&& no.

  5. thazlett

    cbg

    #bizzled
