This ppt examines developments in the DDoS tools & services marketplace, specifically the vicious use of the CHARGEN protocol. Plus, get six simple steps to turn off CHARGEN & stop your servers from being recruited to participate in these attacks.
CHARGEN-Based DrDoS Attacks: A Growing Marketplace and DDoS Threat
New DDoS tools are widely available
• The DDoS-as-a-service marketplace has expanded to include new tools
• IP address scanning tools identify vulnerable servers
• In the past, scanner tools were only available in underground forums
• Now available publicly
  • Some are free
  • Most are simple to use
• Also available: Ready-made lists from completed scans
• Will your IP addresses be on an attacker’s list?
www.prolexic.com

What are these scanner tools looking for?
• Servers vulnerable to reflection and amplification attacks
• Specifically, access to specific network protocols:
  • CHARGEN
  • DNS
  • SNMP
  • NTP
• Often the protocols are no longer needed but have not been turned off

Old protocol with a new use: CHARGEN
• CHARGEN stands for character generation
• Attacker sends a spoofed CHARGEN request to a server, directing the output to the attacker’s target
• The CHARGEN protocol responds, as designed, by sending lots of characters to the target
• By exploiting multiple servers with CHARGEN at once, the incoming flow of characters overwhelms the target
• What if your server were used by an attacker?
  • Your server would send unwanted traffic to the target
  • Outage from denial of service at the target
  • Poor performance on your server (it’s busy sending characters)

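Added example (not part of the original presentation): a small check over flow records that shows whether one of your own servers is answering CHARGEN requests and how much more it sends than it receives. The CSV layout, the 192.0.2.0/24 server range, the sample records and the function names are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

CHARGEN_PORT = 19  # port assigned to CHARGEN
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: your server range

# Constructed flow records (documentation addresses, not real traffic).
# Columns: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
203.0.113.50,40000,192.0.2.10,19,udp,30
192.0.2.10,19,203.0.113.50,40000,udp,500
203.0.113.50,40001,192.0.2.10,19,udp,30
192.0.2.10,19,203.0.113.50,40001,udp,400
198.51.100.7,5353,192.0.2.10,19,udp,30
192.0.2.10,19,198.51.100.7,5353,udp,360
203.0.113.50,40002,192.0.2.20,19,udp,30
192.0.2.10,53211,198.51.100.53,53,udp,60
"""

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def find_chargen_reflectors(flow_csv):
    """Return local hosts that answered UDP CHARGEN requests, with byte ratios."""
    stats = defaultdict(lambda: {"req": 0, "resp": 0, "targets": set()})
    for src, sport, dst, dport, proto, nbytes in csv.reader(io.StringIO(flow_csv)):
        if proto != "udp":
            continue
        if is_local(dst) and int(dport) == CHARGEN_PORT:
            stats[dst]["req"] += int(nbytes)    # small request, source may be spoofed
        elif is_local(src) and int(sport) == CHARGEN_PORT:
            stats[src]["resp"] += int(nbytes)   # characters sent to the claimed source
            stats[src]["targets"].add(dst)
    findings = []
    for host, s in sorted(stats.items()):
        if s["resp"] == 0:
            continue  # port 19 received traffic but nothing answered: CHARGEN is off
        ratio = round(s["resp"] / s["req"], 1) if s["req"] else None
        findings.append({"host": host, "targets": sorted(s["targets"]),
                         "bytes_out": s["resp"], "amplification": ratio})
    return findings

if __name__ == "__main__":
    for finding in find_chargen_reflectors(SAMPLE_FLOWS):
        print(finding)
```

Any host this reports still has CHARGEN enabled; a host that receives traffic on port 19 but sends nothing back, like 192.0.2.20 in the sample, does not appear.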
Reflection attacks use your servers for profit
• CHARGEN attacks use servers from Africa, Asia, Australia, Canada, Europe, Latin America and the U.S.
• Flourishing underground commerce:
  • Attacker makes an IP address list from a scanner (or buys a list) and loads it into a DDoS attack tool
  • Providers offer stressor tools that use reflection attacks in DDoS-as-a-service
  • Malicious actors pay DDoS tools developers subscription fees
• This economy depends on vulnerable servers

Protect your servers: How to turn off CHARGEN
• Older Microsoft Windows Servers are the most common source of CHARGEN attack traffic
• Example: How to turn off CHARGEN on Windows Server 2000
• Step 1:
  • Open the server configuration panel
  • Select the Advanced drop down menu
  • Select Optional Components
• Step 2:
  • Select Networking Services
  • Click Details

Protect your servers: Turn off CHARGEN, continued
• Step 3:
  • Uncheck Simple TCP/IP Services
  • Click OK
This step removes the following services: CHARGEN, Daytime, Discard, Echo and Quote of the Day

Protect your servers: Turn off CHARGEN, continued
• Steps 4-6:
  • Click Next, Next, and Finish
• Once you complete these steps, the CHARGEN protocol will be closed and will not respond to requests
• As a result, attackers can’t use your server to generate CHARGEN attack traffic

Learn more
• Download the Q3 2013 Global DDoS Attack Report at www.prolexic.com/attackreports
• The attack report includes:
  • Why reflection attacks are increasingly popular
  • Parts of a CHARGEN attack, step by step
  • Details of real attacks stopped by Prolexic
  • Players in the reflection attack (DrDoS) marketplace
  • How to turn off CHARGEN to protect your servers from being used in attacks

About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.