The attack generated 35GB junk traffic per second and is the fourth largest DDoS attack the company has seen in terms of the highest reflected amplification factor.
The big picture
Web Services Dynamic Discovery (WSD) allows network devices to send user datagram protocol packets, and also receive and respond to them.
Jonathan Respeto in the Akamai blog says that WSD was designed to be a LAN-scoped technology, and not meant to survive on the internet.
Research findings
Systems can leak internal IP address and model number when sending a valid XML request which can be leveraged to look for known exploits.
The takeaway
Akamai says that placing blocks on the UDP port 3702 can help to prevent such attacks, but that won’t make the problem go away. This is because traffic congests bandwidth on routers as well. DDoS mitigation providers can help in blocking the attack traffic.
“Everyone is a potential target for WSD attacks, so organizations should be ready to route traffic to their DDoS mitigation provider if they're hit with this large attack. Due to its large amplification factors, we expect that attackers will waste little time in leveraging WSD for use as a reflection vector,” reads the Akamai blog.
Publisher