
Over 100,000 devices can be used to amplify DDoS attacks via multicast DNS

Lucian Constantin | April 2, 2015
Over 100,000 devices have a misconfigured service called multicast DNS that accepts requests from the Internet and can potentially be abused to amplify distributed denial-of-service (DDoS) attacks.

Seaman found over 100,000 devices that respond to mDNS queries over the Internet and can potentially be used by attackers for DDoS amplification.

"These devices include several NAS boxes and printers as well as Windows and Linux machines," he said. "Some of these machines were located on larger networks such as corporations and universities, and appeared to be poorly secured, if secured at all."

The researcher notified the CERT Coordination Center (CERT/CC), which issued an advisory about the issue Tuesday.

"If such mDNS behavior is not a requirement for your organization, consider blocking the mDNS UDP port 5353 from entering or leaving your local link network," the organization said.

Some devices from Canon, Hewlett-Packard, IBM and Synology were found to respond to Internet-based mDNS queries in their default configurations. However, it's not clear which software running on them actually responds to the queries, CERT/CC said.

Avahi, a Linux software package for zero-configuration networking, was also found to be vulnerable.

 
