An attacker can send requests to closed ports on devices in a communications service provider (CSP) network under the guise of other devices in the same network. The second attack, described by Nexusguard and dubbed Black Storm, can target any network device.
As such, the researchers found more than 386,000 devices giving an amplification factor of over 100, with more than 97,000 of them over 500, and 192 of them over 51,000.
If a request for access to a banned resource is sent under the guise of the victim, the response from a middlebox can be significantly larger.
#Kaspersky new years party full#
Many of them can interfere with a TCP connection, for example, by blocking a connection to a banned resource, and they often react to packets received from one of the parties without seeing the full picture or monitoring the validity of the TCP session. The new attack, as described by the researchers, targets security devices located between the client and the server (so-called middleboxes) - firewalls, load balancers, network address translators (NAT), deep packet inspection (DPI) tools and others. If the victim receives a response from the server to a request they did not send, they simply discard this response. In contrast, the TCP protocol implements a three-way handshake in which the client and the server establish a connection and confirm they are ready to exchange traffic. To date, amplification attacks have mostly been carried out using the UDP protocol, since it does not require connection establishment procedures and allows IP spoofing. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. Kaspersky Advanced Cyber Incident Communications.KasperskyEndpoint Detection and Response.KasperskyPhysical, Virtual & Cloud Workloads Security.KasperskyEndpoint Security for Business Advanced.KasperskyEndpoint Security for Business Select.Kaspersky Internet Security for Android.