http://bit.ly/1t9Y4Wf | Many older SNMP devices have the ability to take public queries from the Internet enabled by default, allowing malicious actors to launch reflected DDoS attacks by directing SNMP messages at a chosen target. To stop these devices from participating in attacks, network administrators need to manually check for the presence of this protocol and turn off public access. Find out more about this DDoS threat in the full Akamai SNMP Threat Advisory,

2014 AKAMAI | FASTER FORWARD TM

SNMP Attacks on the Rise
- Since April 11, 2014, Prolexic has observed a marked resurgence in the use of Simple Network Management Protocol (SNMP) reflection attacks
- SNMP is a commonly-used protocol in many devices for the home and office
- SNMP devices like printers, routers, servers, modems, and desktops can provide DDoS reflection and amplification for attackers

Why SNMP?
- Although the latest version is more secure, devices more than about three years old use SNMP v2, which is openly accessible to public request by default
- Protocol-based attacks rise and fall in popularity; right now new SNMP reflection tools in the underground are driving a surge in popularity of this attack

SNMP Attack Statistics

SNMP Attacks in 2014
- 14 DDoS campaigns using the protocol have been observed since April 11, 2014
- As devices are discovered to be participating in attacks, their IP addresses are blacklisted by the Internet community, leading to smaller attack sizes
- However, malicious actors will continue to identify additional devices vulnerable to SNMP reflection
- The remaining vulnerable servers are continuing to make this attack dangerous

How SNMP Attacks Work
- GetBulk: Dumps many values stored on the device
  - IP addresses on a router, what kind of toner is in the printer, or similar data
- The tool sends GetBulk requests to vulnerable SNMP-enabled devices, pretending to be the target
- The device then sends the GetBulk information to the target

How SNMP Attacks Work (continued)
- The resulting response can be greatly amplified
- In one real attack, a single 37-byte request packet generated a 64,000-byte response split across 44 packets
- This is an amplification factor of more than 1,700 times
- Any device configured to listen to SNMP v2 requests could become a reflector in such an attack
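
For defenders who want to spot the request side of this traffic at the network edge, the following added example (not code from the Akamai deck or advisory) parses a UDP/161 payload and flags SNMP v2c GetBulk requests that use the default "public" community. The sample packet is constructed for illustration, and the flagging rule is an assumption drawn from the slides, not the advisory's Snort signature.

```python
# Added example (not from the Akamai deck): classify an SNMP datagram seen at the edge.
GETBULK = 0xA5                          # GetBulkRequest-PDU tag (RFC 3416)
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

# Constructed sample: a 37-byte SNMPv2c GetBulk for OID 1.3.6.1.2.1, community "public".
SAMPLE_GETBULK = bytes.fromhex(
    "3023" "020101" "04067075626c6963"    # message, version=1 (v2c), community
    "a516" "020101" "020100" "02010a"     # GetBulk: request-id, non-repeaters, max-repetitions
    "300b3009" "06052b06010201" "0500")   # one varbind: OID + NULL

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Parse a UDP/161 payload; flag v2c GetBulk requests using the default community."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    info = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
            "community": None, "getbulk": False, "max_repetitions": None}
    tag, value, pos = read_tlv(msg, pos)
    if tag == 0x04:                     # v1/v2c carry a community string; v3 does not
        info["community"] = value.decode("latin-1")
        pdu_tag, pdu, _ = read_tlv(msg, pos)
        info["getbulk"] = pdu_tag == GETBULK
        if info["getbulk"]:
            p, fields = 0, []
            for _ in range(3):          # request-id, non-repeaters, max-repetitions
                _, v, p = read_tlv(pdu, p)
                fields.append(int.from_bytes(v, "big", signed=True))
            info["max_repetitions"] = fields[2]
    info["flag"] = (info["getbulk"] and info["version"] == "v2c"
                    and info["community"] == "public")
    return info

if __name__ == "__main__":
    print(classify(SAMPLE_GETBULK))
```

A flagged request arriving from outside the management network is the pattern the slides describe; the same parser can be run over payloads extracted from a packet capture.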

Don't Be Part of an Attack: Configure Your SNMP Devices Properly
- It is essential that network administrators help take down vulnerable devices
- Scan for devices on your network that have the default public community string and limit public access
- Devices such as printers shouldn't be open to the Internet
- When possible, use SNMP v3

Threat Advisory: NTP AMP DDoS toolkit
- Download the threat advisory, Threat Advisory: SNMP Reflection DDoS Attacks
- This DDoS threat advisory includes:
  - How to identify an attack from the SNMP Reflector DDoS tool
  - Analysis of the source code
  - Payload analysis
  - IDS Snort rule and attack signatures
  - Remediation instructions for owners of devices that support the SNMP v2 protocol

About Prolexic (now part of Akamai)
- We have successfully stopped DDoS attacks for more than a decade
- Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers