Loop DoS Attack Exploits UDP Protocol, Can Cripple Vulnerable Systems Without the Use of a Botnet

by | Mar 26, 2024

While massive botnets comprised of millions of compromised devices remain a major part of the threat landscape, a new theoretical DoS attack leverages infinite error messages to cripple vulnerable systems using just a pair of exploitable servers.

The DoS attack hinges on the discovery of a vulnerability in implementations of some of the core protocols that make the internet function. When an attacker finds a vulnerable server, they can initiate an essentially endless error message string against a target that will eventually consume all available resources for both victims. The study’s authors have not yet seen this happen in the wild, but believe that there are about 300,000 vulnerable internet hosts.

Vulnerable systems may have patches available

The DoS attack is dangerous enough simply due to its accessibility to just about anyone on the internet. But it also runs at the application level, and essentially cannot be stopped (even by the attacker) once it has begun.

The extent of potential damage is tough to estimate at this point, but seems to revolve around impacted hardware models; specifically, whether these vulnerable systems can be patched and how many end-of-life devices that are beyond patching are still floating around in action. The report mentions various specific “big name” manufacturers that have at least some of their product line impacted. Broadcom has said the DoS attack only impacts older routers, but that it will nevertheless be patching them. Microsoft and MicroTik have also promised patches for vulnerable hardware. Zyxel has said that only end-of-life devices are impacted by the issue, and it will not be patching anything. Honeywell was also mentioned by the researchers as having vulnerable devices.

For those that are stuck with an unpatched device there are some alternative means of protecting vulnerable systems, chiefly trimming down UDP application and service access and deploying anti-spoofing solutions. The incident should also prompt security teams to think about novel ways in which network resources can be weaponized by a creative attacker, as botnets are now far from the only threat in the DoS landscape.

DoS attack exploits hole in packet verification process

The fact that the vulnerability is in the UDP packet verification process is the element that makes addressing the DoS attack difficult and frustrating. It is fairly easy for an attacker to initiate when they find the right pairing of vulnerable systems, and there is not much that can be done about it once it gets underway. Defense against this attack will likely have to be entirely preventive in nature.

The good news is that, at least for the moment, the DoS attack remains theoretical. There is not yet evidence that anyone has exploited it in the wild. Microsoft indicated that though some of their devices were vulnerable, they did not believe the attack could actually escalate enough to crash networks even with unpatched systems in play. It is entirely reasonable to expect that attackers will now try it, however, given that patching and mitigation is bound to have substantial lag.

Recent Posts

How can we help?

1 + 4 =

× How can I help you?