Slashdot Mirror


600,000 TFTP Servers Can Be Abused For Reflection DDoS Attacks

An anonymous reader writes: Researchers have discovered that improperly configured TFTP servers can be easily abused to carry out reflection DDoS attacks that can sometimes have an amplification factor of 60, one of the highest such values. There are currently around 600,000 TFTP servers exposed online, presenting a huge attack surface for DDoS malware developers. Other protocols recently discovered as susceptible to reflection DDoS attacks include DNSSEC, NetBIOS, and some of the BitTorrent protocols.

  1. Public TFTP server? by lbalbalba · Score: 4, Insightful

    Perhaps it's just me, but why would anyone want to run a *publicly* accessible TFTP server in the first place?

    1. Re:Public TFTP server? by msauve · Score: 5, Insightful

      Same reason someone might want to run a *publicly* accessible http server - to make content available.

      The correct question is why do ISPs allow packets to enter their networks with spoofed source addresses, something upon which reflection attacks depend. BCP38 has been around for over 15 years, and the problem and solution were well known before that.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law