UPnP earns more of a bad name

The Universal Plug and Play (UPnP) networking protocols are at the centre of yet another controversy, one that is pushing the infosec fraternity to keep away from this set of networking protocols. After a brief gap, cyber security experts have uncovered more stunning facts that raise doubts over the way UPnP works these days. The infosec community has been quick to target the networking protocol following recent disturbing revelations by Imperva, a provider of cyber security software and services. Its experts, who have studied the issue extensively, have of late devised an effective mechanism to exploit the UPnP protocol. Working from a DDoS attack in 2017, Imperva claimed to have built a proof of concept that helped it decipher the UPnP technical tricks involved. It was Imperva itself that spotted the DDoS attack. Imperva's study and analysis are based on amplification using Domain Name System (DNS) servers and the Simple Service Discovery Protocol (SSDP).

According to the cyber security experts, blocking packets with source port 53 is an effective mechanism for mitigating a DNS amplification assault. They have also observed a number of SSDP payloads arriving from an unspecified source other than UDP/1900. That is how they came to take on the unconventional SSDP amplification attack in April. Imperva has put in place a system to counter a 2017-like attack by UPnP. Another massive DDoS attack struck the cyber world in March; the worst hit was GitHub, with sustained traffic of 1.3 Tbps that lasted for less than ten minutes. According to the researchers, the moment a rootDesc.xml file is spotted, the hackers can easily make use of it on the device. They add that, under the scheme, a request can be made for a forwarding rule that reroutes all UDP packets sent to the port of an external DNS server.
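
As an added example (not Imperva's code and not part of the original article), the sketch below shows why a filter keyed only on source port misses this traffic and how a defender can classify UDP datagrams by payload instead. The heuristics, function names and sample datagrams are constructed for illustration.

```python
import struct

# Ports a port-based filter keys on (from the article: port 53 and UDP/1900).
EXPECTED_PORT = {"dns": 53, "ssdp": 1900}

def looks_like_dns_response(payload: bytes) -> bool:
    """Heuristic: 12-byte DNS header with QR=1, opcode 0 and at least one record."""
    if len(payload) < 12:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    return bool(flags & 0x8000) and opcode == 0 and qd <= 4 and (an + ns + ar) > 0

def looks_like_ssdp_response(payload: bytes) -> bool:
    """Heuristic: HTTP-over-UDP status or NOTIFY line plus SSDP headers."""
    head = payload[:512].upper()
    starts = head.startswith((b"HTTP/1.1 200 OK", b"NOTIFY * HTTP/1.1"))
    return starts and (b"\r\nST:" in head or b"\r\nNT:" in head) and b"\r\nUSN:" in head

def classify(src_port: int, payload: bytes) -> str:
    """Return 'dns', 'ssdp', 'dns-evasive', 'ssdp-evasive' or 'other'."""
    if looks_like_dns_response(payload):
        proto = "dns"
    elif looks_like_ssdp_response(payload):
        proto = "ssdp"
    else:
        return "other"
    # Same payload, unexpected source port: a port-only rule would let it through.
    return proto if src_port == EXPECTED_PORT[proto] else proto + "-evasive"

# Constructed sample datagrams (documentation addresses, placeholder UUID).
DNS_RESP = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
            + b"\x07example\x03com\x00" + struct.pack("!2H", 255, 1)
            + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SSDP_RESP = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: upnp:rootdevice\r\n"
             b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
             b"LOCATION: http://192.0.2.10:5000/rootDesc.xml\r\n\r\n")
SAMPLES = [(53, DNS_RESP), (31337, DNS_RESP), (1900, SSDP_RESP),
           (40211, SSDP_RESP), (40211, b"\x00\x01random")]

def demo() -> list:
    """Classify each constructed (source port, payload) pair."""
    return [classify(port, data) for port, data in SAMPLES]

if __name__ == "__main__":
    for (port, _), verdict in zip(SAMPLES, demo()):
        print(f"src port {port:>5}: {verdict}")
```

The `-evasive` verdicts are the datagrams a source-port rule alone would pass, which is the gap the SSDP payloads seen from ports other than UDP/1900 point to.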
