How to Protect Your Network from Protocol-Based DDoS Attacks


description

Some DDoS and DrDoS attacks target IP-based devices such as printers and routers to take advantage of vulnerabilities inherent in standard network protocols. By taking advantage of the functionality of the SNMP, NTP and CHARGEN protocols, attackers can turn mild-mannered network devices into malicious attacking bots. This short presentation from Prolexic highlights the problem as well as steps you can take to protect yourself.

Transcript of How to Protect Your Network from Protocol-Based DDoS Attacks

Page 1: How to Protect Your Network from Protocol-Based DDoS Attacks

www.prolexic.com

Printers, Routers Used in Cyber Attacks

How to protect your network

Page 2: How to Protect Your Network from Protocol-Based DDoS Attacks

The DrDoS attack: A popular cyber attack

• Distributed reflection and amplification denial of service attack, or DrDoS

• Malicious use of Internet protocols

• Difficult to trace back to the origin, because spoofing can mask the origin of the attack

• Sysadmins can take specific actions to reduce the vulnerability of their network devices and servers

Page 3: How to Protect Your Network from Protocol-Based DDoS Attacks

Even printers may be hijacked by criminals using DrDoS attacks

• Support for common network protocols allows devices on your network to be employed in denial of service attacks

• Vulnerable devices include:
  – Printers
  – Cameras
  – Routers
  – Hubs
  – Sensors
  – Other network devices

Page 4: How to Protect Your Network from Protocol-Based DDoS Attacks

Secure your IT devices and infrastructure

• Three vulnerable network protocols used in devices:
  – Simple Network Management Protocol (SNMP)
  – Network Time Protocol (NTP)
  – Character Generation Protocol (CHARGEN)

• Like many other network protocols, these protocols were written with functionality, not security, in mind

• Can be used to misdirect and amplify responses to the attacker’s target

Page 5: How to Protect Your Network from Protocol-Based DDoS Attacks

Simple Network Management Protocol (SNMP)

• For communicating with IP-based devices, such as routers, switches, servers, printers, modems, IP video cameras, IP phones, network bridges, hubs, alarms and thermometers

• Transmits data about device components, measurements, sensor readings and variables

• Allows users to monitor these devices

• Use of human-readable cleartext makes SNMPv1 and v2 vulnerable to interception and modification

• The origin of the transmission cannot be verified

• The white paper explains how to mitigate vulnerability to SNMP DrDoS attacks

Page 6: How to Protect Your Network from Protocol-Based DDoS Attacks

Network Time Protocol (NTP)

• For synchronizing time and date information on computer clocks on the Internet

• Implemented on all major operating systems, network infrastructure devices and embedded devices

• Susceptible to spoofing, like the User Datagram Protocol (UDP) upon which it is built

• Attacker may cause multiple requests for time updates to be sent to multiple NTP hosts, directing their responses to the attacker’s target

• Team-Cymru authored a secure NTP server template that can be used as a baseline for DDoS protection against NTP reflection attacks

• The white paper provides a link to the Team-Cymru NTP server template

Page 7: How to Protect Your Network from Protocol-Based DDoS Attacks

Character Generation Protocol (CHARGEN)

• Can be used for debugging network connections, network payload generating and bandwidth testing

• Two types of CHARGEN services:
  – TCP and UDP
  – UDP version is vulnerable to spoofing

• Misuse of the testing features may allow attackers to craft malicious network payloads and direct the responses to the attacker’s target

• The U.S. cyber security organization CERT recommends reconsidering whether these protocols are needed in your organization

• The white paper provides a link to details about the CERT recommendation

Page 8: How to Protect Your Network from Protocol-Based DDoS Attacks

Why protocol-based DrDoS attacks happen

• DrDoS protocol reflection attacks are possible due to the inherent design of the original architecture and structure of these protocols

• Closing the security gaps permanently would require creating new protocols, which is unlikely to happen in the short term

• By disabling or restricting unneeded functionality, sysadmins can eliminate these vulnerabilities

• Prolexic customers are protected from these attacks as part of our DDoS protection and mitigation services
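
Added example (not part of the Prolexic presentation): a check over flow records for internal devices that answer external hosts from the SNMP, NTP or CHARGEN UDP service ports with replies far larger than the requests, which is a sign a device is being used as a reflector and should have that service disabled or restricted. The record format, the internal address range, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Well-known UDP service ports of the three protocols named in this presentation.
REFLECTION_PORTS = {19: "CHARGEN", 123: "NTP", 161: "SNMP"}
INTERNAL = ip_network("10.0.0.0/8")  # assumption: your internal address space
MIN_RATIO = 5.0                      # assumption: reply/request byte ratio worth a look
MIN_REPLY_BYTES = 10_000             # assumption: ignore small exchanges

# Constructed sample flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,40000,10.1.2.30,161,udp,820
10.1.2.30,161,198.51.100.7,40000,udp,61500
198.51.100.7,40001,10.1.2.44,19,udp,300
10.1.2.44,19,198.51.100.7,40001,udp,48000
10.1.2.10,123,203.0.113.5,123,udp,760
203.0.113.5,123,10.1.2.10,123,udp,760
10.1.2.30,161,10.9.9.9,51000,udp,90000
10.9.9.9,51000,10.1.2.30,161,udp,4000
"""

def find_reflectors(flow_text):
    """Return (device, protocol, peer, ratio) for amplified replies leaving the network."""
    req = defaultdict(int)  # (device, port, peer) -> bytes the service received
    rep = defaultdict(int)  # (device, port, peer) -> bytes the service sent back
    for line in flow_text.strip().splitlines():
        src, sport, dst, dport, proto, nbytes = line.split(",")
        if proto != "udp":
            continue
        sport, dport, nbytes = int(sport), int(dport), int(nbytes)
        src_in, dst_in = ip_address(src) in INTERNAL, ip_address(dst) in INTERNAL
        if sport in REFLECTION_PORTS and src_in and not dst_in:
            rep[(src, sport, dst)] += nbytes  # reply leaving toward an external peer
        if dport in REFLECTION_PORTS and dst_in and not src_in:
            req[(dst, dport, src)] += nbytes  # request arriving from outside
    findings = []
    for (dev, port, peer), out_bytes in sorted(rep.items()):
        in_bytes = req.get((dev, port, peer), 0)
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if out_bytes >= MIN_REPLY_BYTES and ratio >= MIN_RATIO:
            findings.append((dev, REFLECTION_PORTS[port], peer, round(ratio, 1)))
    return findings

if __name__ == "__main__":
    print(find_reflectors(SAMPLE_FLOWS))
```

Because the request's source address may be spoofed, the peer in each finding is where the amplified replies are being sent, not necessarily who sent the request.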

Page 9: How to Protect Your Network from Protocol-Based DDoS Attacks

Learn more in the white paper

• Download the DrDoS white paper: SNMP, NTP and CHARGEN attacks

• In this white paper, you’ll learn:
  – Three common network protocols used in reflection attacks
  – How SNMP, NTP and CHARGEN can be used by malicious actors
  – How your printers and network devices may be employed by cyber attackers
  – Specific action to minimize your network’s exposure and mitigate protocol attacks
  – What the internet community could do to reduce the risk

Page 10: How to Protect Your Network from Protocol-Based DDoS Attacks

About Prolexic

• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.

• Prolexic has successfully stopped DDoS attacks for more than a decade.

• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.
