CAMBRIDGE, Mass., July 1, 2015 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the global leader in content
delivery network (CDN) services, published today, through the
company's Prolexic Security Engineering & Research Team
(PLXsert), a new cybersecurity threat advisory. The threat is
related to the increasing use of outdated Routing Information
Protocol version one (RIPv1) for reflection and amplification
attacks. The advisory detailing this threat in full is available
for download
here: http://www.stateoftheinternet.com/ripv1-reflection-ddos
What is RIPv1?
RIPv1 is a fast, easy way to dynamically share route information
within a small, multi-router network. A typical request is sent by a
router running RIP when it is first configured or powered on. From
there, any device listening for the requests will respond with a
list of routes and updates that are sent as broadcasts.
"This version of the RIP protocol was first introduced in 1988 –
more than 25 years ago under RFC1058," said Stuart Scholly, senior vice president and
general manager, Security Business Unit, Akamai. "While the
resurgence of RIPv1 after more than a year of dormancy is puzzling,
it's clear that attackers are exploiting their familiarity with
this thought-to-be-abandoned DDoS reflection vector. Leveraging the
behavior of RIPv1 to launch a DDoS reflection attack is quite
simple for an attacker – by using a normal broadcast query, the
malicious query can be sent as a unicast request directly to the
reflector. The attacker can then spoof the IP address source to
match the intended attack target – causing damage to the
network."
Using RIPv1 to launch a DDoS reflection attack
The PLXsert team's research shows that attackers prefer routers
with a large number of routes in the RIPv1 database. Based on this
research, most of the attacks recognized had queries that resulted
in multiple 504-byte response payloads sent to a target with a
single request. A typical RIPv1 request contains only a 24-byte
payload, which proves that attackers can flood their intended
target with a large amount of unsolicited traffic using a small
request.
The team studied an actual attack against an Akamai customer
that took place on May 16, 2015.
Research and non-intrusive scanning of the attack revealed that the
devices being leveraged for the RIP reflection attack were likely
not using enterprise-grade routing hardware. The team warns that
RIPv1 is working as designed and malicious actors will continue to
exploit this method as an easy way to launch reflection and
amplification attacks.
Threat mitigation
To avoid a DDoS reflection attack using RIPv1, consider one of
the following techniques:
- Switch to RIPv2, or later, to enable authentication
- Use an access control list (ACL) to restrict User Datagram
Protocol (UDP) source port 520 from the Internet
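An added example (not from Akamai's advisory or this release): a passive check a defender could run over captured UDP datagrams to spot RIPv1 responses arriving from source port 520 outside their own networks, with the amplification ratio for the 24-byte and 504-byte figures above. The field layout follows RFC 1058; the function names, addresses and sample payloads are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

RIP_PORT = 520        # UDP port RIP uses; the ACL above filters on this source port
HEADER_LEN = 4        # command (1), version (1), must-be-zero (2)
ENTRY_LEN = 20        # AFI (2), zero (2), IPv4 address (4), zero (8), metric (4)
ENTRY = "!H2x4s8xI"   # struct layout of one 20-byte route entry

def parse_ripv1_response(payload):
    """Return [(network, metric), ...], or None if not a well-formed RIPv1 response."""
    body = len(payload) - HEADER_LEN
    if body < ENTRY_LEN or body % ENTRY_LEN or payload[:2] != b"\x02\x01":
        return None   # needs whole 20-byte entries, command 2 (response), version 1
    routes = []
    for off in range(HEADER_LEN, len(payload), ENTRY_LEN):
        afi, addr, metric = struct.unpack_from(ENTRY, payload, off)
        if afi != 2 or not 1 <= metric <= 16:   # AFI 2 = IP; metric 16 = unreachable
            return None
        routes.append((str(ip_address(addr)), metric))
    return routes

def flag_reflection(datagrams, internal_nets):
    """Tally RIPv1 responses from source port 520 whose sender is outside internal_nets."""
    nets = [ip_network(n) for n in internal_nets]
    hits = {}
    for src, sport, dst, payload in datagrams:
        if sport != RIP_PORT or any(ip_address(src) in n for n in nets):
            continue
        routes = parse_ripv1_response(payload)
        if routes is None:
            continue
        tally = hits.setdefault((src, dst), Counter())
        tally.update(datagrams=1, bytes=len(payload), routes=len(routes))
    return hits

def amplification(response_bytes, request_bytes=24):   # 24 = request size given in the text
    return response_bytes / request_bytes

def sample_response(n_routes):
    """Constructed payload: n_routes entries (10.0.<i>.0, metric 1); 25 entries = 504 bytes."""
    entries = (struct.pack(ENTRY, 2, bytes([10, 0, i, 0]), 1) for i in range(n_routes))
    return bytes([2, 1, 0, 0]) + b"".join(entries)

# Constructed capture: (src_ip, src_port, dst_ip, udp_payload); documentation address ranges.
SAMPLE = [("198.51.100.7", 520, "203.0.113.10", sample_response(25))] * 3 + [
    ("192.0.2.1", 520, "192.0.2.9", sample_response(4)),        # internal router, ignored
    ("198.51.100.8", 53, "203.0.113.10", sample_response(25)),  # not from port 520, ignored
]
```

A 4-byte header plus 25 route entries of 20 bytes each gives the 504-byte payload; three such datagrams counted against one 24-byte request is a 63x byte ratio.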
Akamai continues to monitor ongoing campaigns using RIPv1 to
launch DDoS reflection attacks. To learn more about the threat, and
mitigation techniques, please download a complimentary copy of the
threat advisory at www.stateoftheinternet.com.
About Akamai
As the global leader in Content Delivery Network (CDN) services,
Akamai makes the Internet fast, reliable and secure for its
customers. The company's advanced web performance, mobile
performance, cloud security and media delivery solutions are
revolutionizing how businesses optimize consumer, enterprise and
entertainment experiences for any device, anywhere. To learn how
Akamai solutions and its team of Internet experts are helping
businesses move faster forward, please visit www.akamai.com
or blogs.akamai.com, and follow @Akamai on Twitter.
Note: All product and company names are trademarks of their
respective organizations.
Contacts:
Rob Morton, Media Relations, 617-444-3641, rmorton@akamai.com
--or--
Tom Barth, Investor Relations, 617-274-7130, tbarth@akamai.com
To view the original version on PR Newswire, visit:
http://www.prnewswire.com/news-releases/akamai-warns-of-an-uptick-in-ddos-reflection-attacks-using-abandoned-routing-protocol-300107332.html
SOURCE Akamai Technologies, Inc.