A new DDoS attack vector is in town, exploiting a somewhat unknown protocol. Without further ado, let us dive in.
Akamai observed the attack after it hit some of its customers. The abused protocol is the Datagram Congestion Control Protocol (DCCP), which offers congestion control procedures for UDP-based communications. Although DCCP has various capabilities, attackers exploited the three-way handshake at the beginning of a connection between DCCP and UDP.
About the attack
- The attackers can send a multitude of DCCP-request packets to a server’s port 33. This would result in the server crashing due to a lack of available resources.
- This attack resembles the TCP-SYN DDoS attacks that have been going on in the wild for more than 10 years now.
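For defenders, the flood described above can be spotted the same way a SYN flood is: count DCCP handshakes that were opened but never completed, per destination. The sketch below is an added example, not Akamai's tooling; it assumes raw IPv4 packets as input, matches on DCCP's IANA-assigned IP protocol number 33 and the packet types from RFC 4340, and its function names, threshold, addresses and port 5004 are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

IPPROTO_DCCP = 33                    # IANA-assigned IP protocol number for DCCP
REQUEST, ACK, DATAACK = 0, 3, 4      # DCCP packet types (RFC 4340)

def parse_dccp(packet: bytes):
    """Return (src, dst, sport, dport, type) for an IPv4/DCCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != IPPROTO_DCCP:
        return None
    ihl = (packet[0] & 0x0F) * 4
    dccp = packet[ihl:]
    if ihl < 20 or len(dccp) < 12:   # truncated or malformed: ignore, do not crash
        return None
    sport, dport = struct.unpack("!HH", dccp[:4])
    ptype = (dccp[8] >> 1) & 0x0F    # byte 8 = Reserved(3) | Type(4) | X(1)
    src, dst = (str(ipaddress.ip_address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, sport, dport, ptype

def flooded_targets(packets, threshold=100):
    """Map (dst, dport) -> half-open handshake count, where count > threshold."""
    pending = set()
    for pkt in packets:
        parsed = parse_dccp(pkt)
        if parsed is None:
            continue
        src, dst, sport, dport, ptype = parsed
        if ptype == REQUEST:
            pending.add((src, sport, dst, dport))
        elif ptype in (ACK, DATAACK):          # client completed the handshake
            pending.discard((src, sport, dst, dport))
    per_target = Counter((dst, dport) for _, _, dst, dport in pending)
    return {t: n for t, n in per_target.items() if n > threshold}

def build_packet(src, dst, sport, dport, ptype):
    """Constructed sample packet: minimal IPv4 + DCCP headers, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0, 0, 64, IPPROTO_DCCP, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HHBBHBBH4x", sport, dport, 4, 0, 0, ptype << 1 | 1, 0, 0)

def sample_capture():
    """Constructed capture: 150 unanswered Requests plus one completed handshake."""
    pkts = [build_packet(f"198.51.100.{i}", "203.0.113.10", 40000 + i, 5004, REQUEST)
            for i in range(1, 151)]
    pkts += [build_packet("192.0.2.7", "203.0.113.20", 51000, 5004, t) for t in (REQUEST, ACK)]
    return pkts

if __name__ == "__main__":
    print(flooded_targets(sample_capture()))
```

The client that answers with DCCP-Ack drops out of the pending set, so only the destination holding unanswered Requests is reported.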
Do you need to worry?
- These attacks are implausible because internet hosts using this protocol are limited in number.
- Moreover, DCCP has been around for 14 years, and yet very few operating systems support it.
- However, just because it is unpopular now doesn’t mean that it will not gain popularity in the future, given that real-time streaming is becoming more widespread with every passing day.
Attacks that you need to worry about
- Netscout observed DDoS-for-hire services taking up a new amplification vector - Datagram Transport Layer Security (D/TLS). This vector enables attackers to amplify the attacks by a factor of 37.
- Lately, Telephony Denial of Service (TDoS) attacks have emerged as another form of DDoS. These attacks are being launched at emergency dispatch centers.
The bottom line
Although the DCCP-based attack is not widely used, there are other protocols that are being constantly targeted. The discovery of new attack vectors highlights the fact that threat actors will target anything and everything to achieve their objectives.