Researchers from eight organizations warn of a new distributed denial-of-service (DDoS) amplification attack that boosts DDoS volumes by a potential factor of four billion. Attackers have been using the Mitel MiCollab and MiVoice Business Express collaboration systems to launch attacks, with an amplification vector supplied by misconfigured Mitel servers.
"This particular attack vector differs from most UDP [user datagram protocol] reflection/amplification attack methodologies in that the exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," the researchers wrote. They suggested the attackers using this technique still seem to be experimenting.
From Ars Technica
View Full Article