Powerhouse VPN products can be abused for large-scale DDoS attacks

07:35 23 February 2021 Source: zdnet.com



Botnet operators are abusing VPN servers run by the VPN provider Powerhouse Management as reflectors that bounce and amplify junk traffic as part of DDoS attacks.


This new DDoS vector was discovered and documented by a security researcher who goes by Phenomite online and who shared his findings with ZDNet last week.

The researcher said the root cause of this new DDoS vector is a yet-to-be-identified service that runs on UDP port 20811 on Powerhouse VPN servers.

Phenomite says that attackers can send a one-byte request to this port, and the service will often answer with packets up to 40 times the size of the original.


Because the service runs over UDP, which performs no handshake, the request can carry a forged source IP address. An attacker therefore sends a single-byte UDP packet to a Powerhouse VPN server with the victim's address as the source, and the server sends its much larger reply to the victim instead of the attacker. Security researchers call this a reflected/amplified DDoS attack.

Attacks already detected in the wild

Both Phenomite and ZDNet have reached out to Powerhouse Management to notify the company about its products' behavior, seeking to ensure that a patch is deployed to its servers that would prevent its VPN infrastructure from being abused in future DDoS attacks.

However, the company has not responded to any of our emails.

Furthermore, we learned today that threat actors have also found this DDoS vector and have already weaponized it in real-world attacks, some of which have reached as much as 22 Gbps, sources have told ZDNet.


Around 1,520 Powerhouse VPN servers ready to be abused

According to a scan performed by Phenomite last week, there are currently around 1,520 Powerhouse servers exposing UDP port 20811, meaning they can be abused by DDoS threat groups.

While servers are located all over the world, most vulnerable systems appear to be "in the UK, Vienna, and Hong Kong," the researcher told ZDNet.

Until Powerhouse fixes the issue, the researcher has recommended that companies either block all traffic coming from the VPN provider's networks (AS21926 and AS22363) or block UDP traffic whose source port is 20811.

The second option is the recommended one: it does not cut off legitimate VPN traffic from every Powerhouse user, only the "reflected" packets from port 20811 that are almost certainly part of a DDoS attack.
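The filtering advice above, together with the one-byte-request and "40 times" figures earlier in the article, worked through as an added example (this is not code from the article, from Phenomite, or from Powerhouse). Only the port number 20811 and the two AS numbers are taken from the article; the flow records, the RFC 5737 documentation prefixes and the prefix-to-ASN table are constructed for the demo. The `amplification` helper returns both the payload ratio and the on-wire ratio, because a one-byte UDP probe is 29 bytes on the wire once the IPv4 and UDP headers are counted, so "40 times the size" means very different things depending on which size is being measured.

```python
"""Added example, not from the ZDNet article or Phenomite's research.

Two things the article states but does not work through:
  1. what a "40x" amplification means on the wire for a one-byte UDP probe;
  2. why filtering on source port 20811 is preferable to dropping everything
     from Powerhouse's ASNs (AS21926, AS22363).
Flow records, prefixes and the prefix->ASN table are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Iterable, Optional, Tuple

IPV4_HDR = 20                      # IPv4 header, no options
UDP_HDR = 8
REFLECTOR_PORT = 20811             # UDP port Phenomite identified
POWERHOUSE_ASNS = {21926, 22363}   # AS numbers named in the article


def amplification(request_payload: int, response_payload: int) -> Tuple[float, float]:
    """Return (payload_baf, wire_baf) for one request/response pair.

    payload_baf compares UDP payloads, which is how "Nx" claims are usually
    quoted.  wire_baf adds the IP+UDP headers to both sides and is the ratio
    the victim's link actually sees; for a 1-byte probe the 28 header bytes
    dominate the request, so the wire figure is far smaller unless the reply
    is large.
    """
    hdr = IPV4_HDR + UDP_HDR
    return (response_payload / request_payload,
            (hdr + response_payload) / (hdr + request_payload))


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    octets: int


# Constructed stand-in for a BGP/whois prefix->ASN table.  RFC 5737
# documentation prefixes, not Powerhouse's real announcements.
ASN_TABLE = {
    ip_network("198.51.100.0/24"): 21926,
    ip_network("203.0.113.0/24"): 22363,
}


def asn_of(ip: str) -> Optional[int]:
    addr = ip_address(ip)
    return next((asn for net, asn in ASN_TABLE.items() if addr in net), None)


def is_reflected(flow: Flow) -> bool:
    """Reflector replies leave the Powerhouse server with source port 20811.

    A victim's edge only ever sees the replies (the spoofed requests go to the
    reflector), so inbound UDP with *source* port 20811 is the signature.
    """
    return flow.proto == "udp" and flow.src_port == REFLECTOR_PORT


def drop_by_asn(flow: Flow) -> bool:
    """Blunt rule: drop anything sourced from the provider's ASNs."""
    return asn_of(flow.src_ip) in POWERHOUSE_ASNS


def drop_by_srcport(flow: Flow) -> bool:
    """Targeted rule: drop only UDP with source port 20811."""
    return is_reflected(flow)


def evaluate(flows: Iterable[Flow], policy: Callable[[Flow], bool]) -> Dict[str, int]:
    """Tally bytes a policy drops, split into reflected vs. everything else."""
    tally = {"dropped_reflected": 0, "dropped_other": 0, "passed_reflected": 0}
    for f in flows:
        reflected = is_reflected(f)
        if policy(f):
            tally["dropped_reflected" if reflected else "dropped_other"] += f.octets
        elif reflected:
            tally["passed_reflected"] += f.octets
    return tally


def victims(flows: Iterable[Flow]) -> Dict[str, int]:
    """Bytes of reflected traffic per destination, largest first."""
    totals: Dict[str, int] = {}
    for f in flows:
        if is_reflected(f):
            totals[f.dst_ip] = totals.get(f.dst_ip, 0) + f.octets
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


# Constructed inbound flow records at a hypothetical victim's edge.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", 20811, "192.0.2.5", 443, "udp", 1_160_000),   # reflected
    Flow("203.0.113.7", 20811, "192.0.2.5", 443, "udp", 2_300_000),     # reflected
    Flow("198.51.100.20", 1194, "192.0.2.9", 51000, "udp", 40_000),     # legit VPN session
    Flow("192.0.2.200", 20811, "192.0.2.9", 8080, "tcp", 5_000),        # TCP, not the vector
]

if __name__ == "__main__":
    print("baf (payload, wire):", amplification(1, 40))
    for name, policy in (("asn", drop_by_asn), ("srcport", drop_by_srcport)):
        print(name, evaluate(SAMPLE_FLOWS, policy))
    print("victims:", victims(SAMPLE_FLOWS))
```

With the constructed flows, the ASN rule discards the legitimate OpenVPN session along with the reflected traffic, while the source-port rule discards only the reflections; in production the latter maps to a single edge ACL on inbound UDP source port 20811, whereas the former needs a live prefix feed for the two ASNs.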

Phenomite's discovery adds to a long list of new DDoS amplification vectors disclosed over the past three months. Previous disclosures included:


  • Citrix ADC gateways
  • Windows RDP servers
  • Plex media servers
