Successful exploitation of CVE-2023-29552 could permit an attacker to take advantage of susceptible SLP instances to launch a reflection amplification attack and overwhelm a target server with bogus traffic.

To do so, all an attacker needs to do is find an SLP server on UDP port 427 and register "services until SLP denies more entries," followed by repeatedly spoofing a request to that service with a victim's IP as the source address.

An attack of this kind can produce an amplification factor of up to 2,200, resulting in large-scale DoS attacks.

To mitigate the threat, users are advised to disable SLP on systems directly connected to the internet, or alternatively filter traffic on UDP and TCP port 427.

"It is equally important to enforce strong authentication and access controls, allowing only authorized users to access the correct network resources, with access being closely monitored and audited," the researchers said.

"The collateral impact of SLP reflection/amplification attacks is potentially significant for organizations whose internet-exposed VMWare ESXi servers or other SLP-enabled systems can be abused as DDoS reflectors/amplifiers," Netscout cautioned.

Web security company Cloudflare, in an advisory, said it "expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks" as threat actors experiment with the new DDoS amplification vector.
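For defenders who cannot immediately disable SLP or filter port 427, the reflection pattern described here (small requests arriving on UDP port 427, far larger replies leaving toward the apparent requester) can be spotted in flow data. The following is an added example, not code from the article or from any vendor advisory; the flow-record tuple layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SLP_PORT = 427

# Constructed sample flow records (documentation addresses, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "203.0.113.10", 427, "udp", 30),     # small request
    ("203.0.113.10", 427, "198.51.100.7", 40000, "udp", 33000),  # large reply
    ("198.51.100.7", 40001, "203.0.113.10", 427, "udp", 30),
    ("203.0.113.10", 427, "198.51.100.7", 40001, "udp", 33000),
    ("192.0.2.50", 51000, "203.0.113.10", 427, "udp", 60),       # ordinary lookup
    ("203.0.113.10", 427, "192.0.2.50", 51000, "udp", 120),
    ("192.0.2.50", 51001, "203.0.113.10", 427, "tcp", 5000),     # TCP: not spoofable this way
    ("203.0.113.20", 427, "198.51.100.9", 5000, "udp", 20000),   # reply seen, request not captured
]


def find_slp_reflectors(flows, min_ratio=10.0, min_reply_bytes=10000):
    """Return {(slp_server, peer): reply/request byte ratio} for suspicious pairs.

    A pair is flagged when the server sent at least min_reply_bytes from UDP 427
    to the peer and that volume is at least min_ratio times what the peer sent.
    Both thresholds are illustrative assumptions; tune them to local baselines.
    """
    request_bytes = defaultdict(int)  # (server, peer) -> bytes peer -> server:427
    reply_bytes = defaultdict(int)    # (server, peer) -> bytes server:427 -> peer
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == SLP_PORT and sport != SLP_PORT:
            request_bytes[(dst, src)] += nbytes
        elif sport == SLP_PORT and dport != SLP_PORT:
            reply_bytes[(src, dst)] += nbytes

    findings = {}
    for pair, sent in reply_bytes.items():
        if sent < min_reply_bytes:
            continue
        received = request_bytes.get(pair, 0)
        # No request seen (asymmetric capture) is reported as an infinite ratio.
        ratio = sent / received if received else float("inf")
        if ratio >= min_ratio:
            findings[pair] = ratio
    return findings


if __name__ == "__main__":
    for (server, peer), ratio in find_slp_reflectors(SAMPLE_FLOWS).items():
        print(f"{server} -> {peer}: reply/request byte ratio {ratio}")
```

A flagged peer address is most likely the spoofed victim rather than the party sending the requests, so the actionable finding is the local SLP server that needs to be disabled or filtered.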