TLDR:
Key Points:
- A new denial-of-service (DoS) attack called Loop DoS has been discovered targeting application-layer protocols based on UDP.
- The attack creates a self-perpetuating loop between two servers, causing a denial-of-service for both systems involved.
In a recent study, researchers at the CISPA Helmholtz Center for Information Security identified a new denial-of-service (DoS) attack vector targeting application-layer protocols that run over the User Datagram Protocol (UDP). The Loop DoS attack pairs two servers so that they keep responding to each other indefinitely, generating a volume of traffic that overwhelms both. It abuses certain implementations of UDP-based protocols such as DNS, NTP, and TFTP to set up a loop that, once initiated, cannot be stopped even by the attackers.
UDP is connectionless and performs no validation of source IP addresses, so it is vulnerable to IP spoofing: an attacker can forge packets that carry a victim's IP address and use them to trigger reflected DoS traffic. The Loop DoS attack could affect hundreds of thousands of systems, including products from vendors such as Broadcom, Cisco, and Microsoft. While there is no evidence yet of the attack being weaponized, the researchers stress the need to filter spoofed traffic, for example by deploying anti-spoofing ingress filtering as described in BCP38, to mitigate the risk.
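The following is an added illustration, not code from the CISPA study or any affected product: an in-process model of two hypothetical UDP-style services (no sockets, no spoofing) that shows why an "answer every unknown input with an error" policy lets a single injected datagram sustain a loop, and how two server-side mitigations (never reply to error datagrams, and cap error replies) break it.

```python
"""Added model of the Loop DoS mechanism (not code from the CISPA study).
Two UDP-style services are pure functions: datagram in, reply (or None) out.
A vulnerable service answers anything it cannot parse with an error and
treats an incoming error as unparseable too, so one injected datagram keeps
both sides answering each other forever. No sockets or spoofing involved."""
from typing import Callable, Optional

Handler = Callable[[str], Optional[str]]

def vulnerable_service(name: str) -> Handler:
    """Hypothetical service: replies to every unknown input with an error."""
    def handle(datagram: str) -> Optional[str]:
        if datagram == "REQUEST":
            return f"{name}:OK"
        return f"{name}:ERROR unknown input"  # the peer cannot parse this either
    return handle

def hardened_service(name: str, error_limit: int = 5) -> Handler:
    """Same service with two mitigations: never answer an error datagram,
    and cap how many error replies are sent (a per-source budget in practice)."""
    errors_sent = 0
    def handle(datagram: str) -> Optional[str]:
        nonlocal errors_sent
        if datagram == "REQUEST":
            return f"{name}:OK"
        if "ERROR" in datagram:
            return None  # an error is not a request: stay silent, no loop can form
        if errors_sent >= error_limit:
            return None  # error budget exhausted: drop rather than reply
        errors_sent += 1
        return f"{name}:ERROR unknown input"
    return handle

def run_exchange(a: Handler, b: Handler, first: str, max_packets: int = 1000) -> int:
    """Deliver `first` to a as if b had sent it, then relay each reply to the
    other side. Returns datagrams sent before a side goes quiet; hitting
    max_packets means the exchange never ends, i.e. the Loop DoS condition."""
    sent = 0
    datagram, receiver, other = first, a, b
    while datagram is not None and sent < max_packets:
        datagram = receiver(datagram)
        if datagram is not None:
            sent += 1
        receiver, other = other, receiver
    return sent

if __name__ == "__main__":
    print("vulnerable<->vulnerable:", run_exchange(vulnerable_service("A"), vulnerable_service("B"), "bogus"))
    print("hardened<->vulnerable:  ", run_exchange(hardened_service("A"), vulnerable_service("B"), "bogus"))
```

Note that even a legitimate "REQUEST" starts the loop between two vulnerable services, because each side's reply is unparseable to the other; the hardened side ends the exchange after at most two datagrams.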
With an estimated 300,000 hosts and networks susceptible to Loop DoS attacks, it is crucial for organizations to take proactive steps to protect their systems from this new threat.