Last August, academic researchers discovered a potent new method for knocking sites offline: a fleet of misconfigured servers more than 100,000 strong that can amplify floods of junk data to once-unthinkable sizes. These attacks, in many cases, could result in an infinite routing loop that causes a self-perpetuating flood of traffic. Now, content-delivery network Akamai says attackers are exploiting the servers to target sites in the banking, travel, gaming, media, and web-hosting industries.
These servers—known as middleboxes—are deployed by nation-states like China to censor restricted content and by large organizations to block sites pushing porn, gambling, and pirated downloads. The servers fail to follow Transmission Control Protocol (TCP) specifications that require a three-way handshake—comprising a SYN packet sent by the client, a SYN+ACK response from the server, and a confirmation ACK packet from the client—before a connection is established.
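As an added illustration (not from the article or the researchers' work), the sketch below audits packet records for the behavior described above: a responder that sends payload before the three-way handshake has completed, along with the resulting byte ratio. The addresses, packet sizes, and the 40-byte header figure are constructed assumptions.

```python
HDR = 40  # assumed IPv4 + TCP header bytes, no options

# Constructed sample records: (src, dst, flags, payload_len). Documentation addresses only.
SAMPLE = [
    # Flow 1: handshake completes before any data is exchanged (compliant).
    ("198.51.100.7", "192.0.2.10", {"SYN"}, 0),
    ("192.0.2.10", "198.51.100.7", {"SYN", "ACK"}, 0),
    ("198.51.100.7", "192.0.2.10", {"ACK"}, 0),
    ("198.51.100.7", "192.0.2.10", {"PSH", "ACK"}, 60),
    ("192.0.2.10", "198.51.100.7", {"PSH", "ACK"}, 500),
    # Flow 2: responder returns a large payload although no handshake took place.
    ("198.51.100.9", "192.0.2.20", {"PSH", "ACK"}, 60),
    ("192.0.2.20", "198.51.100.9", {"PSH", "ACK"}, 1400),
]

def audit_flows(packets):
    """Flag responders that send payload before SYN, SYN+ACK, ACK has completed.

    Returns {(initiator, responder): {"bytes_in", "bytes_out", "ratio"}} where the
    byte counts cover only traffic seen before the flow reached ESTABLISHED.
    """
    state, counters, findings = {}, {}, {}
    for src, dst, flags, payload in packets:
        if (dst, src) in state:                  # reply direction of a known flow
            flow, from_client = (dst, src), False
        else:                                    # first sender is the initiator
            flow, from_client = (src, dst), True
            state.setdefault(flow, "NEW")
        st = state[flow]
        if st != "ESTABLISHED":
            c = counters.setdefault(flow, [0, 0])
            c[0 if from_client else 1] += HDR + payload
            if not from_client and payload > 0:  # data sent without a connection
                findings[flow] = c
        # Advance the handshake only on the exact expected packet.
        if from_client and flags == {"SYN"} and st == "NEW":
            state[flow] = "SYN_SEEN"
        elif not from_client and flags == {"SYN", "ACK"} and st == "SYN_SEEN":
            state[flow] = "SYNACK_SEEN"
        elif from_client and flags == {"ACK"} and st == "SYNACK_SEEN":
            state[flow] = "ESTABLISHED"
    return {f: {"bytes_in": c[0], "bytes_out": c[1], "ratio": round(c[1] / c[0], 2)}
            for f, c in findings.items()}

if __name__ == "__main__":
    for flow, info in audit_flows(SAMPLE).items():
        print(flow, info)
```

Run against flow logs from a filtering appliance's egress, a finding means the device answers traffic that never established a connection, which is the non-compliance the researchers identified.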