Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday.

Not all RDP servers can be abused, only systems where RDP authentication is also enabled on UDP port 3389 in addition to the standard TCP port 3389.

Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers; the servers reflect them to the target of the DDoS attack, amplified in size, so that junk traffic hits the target's system.

The size increase is what security researchers call a DDoS amplification factor, and it allows attackers with limited resources to launch large-scale DDoS attacks by amplifying junk traffic with the help of internet-exposed systems.

In the case of RDP, Netscout said the amplification factor is 85.9, with the attackers sending a few bytes and generating "attack packets" that are "consistently 1,260 bytes in length."

An 85.9 factor puts RDP in the top echelon of DDoS amplification vectors, alongside Jenkins servers (~100), DNS (up to 179), WS-Discovery (300-500), NTP (~550), and Memcached (~50,000).

RDP servers already abused for real-world attacks

But the bad news doesn't end with the…
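The traffic shape Netscout describes (UDP from source port 3389, packets of 1,260 bytes) can be searched for in flow records. The following is an added example, not code from Netscout or from the article; the CSV layout, the sample records and both alert thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

RDP_UDP_PORT = 3389           # reflector source port named in the article
ATTACK_PACKET_BYTES = 1260    # "consistently 1,260 bytes in length" (article)
AMPLIFICATION_FACTOR = 85.9   # Netscout's figure, as quoted in the article
MIN_REFLECTORS = 3            # assumed alert threshold; tune per network
MIN_PACKETS = 100             # assumed alert threshold; tune per network

# Constructed flow records using documentation address ranges, not real traffic.
SAMPLE_FLOWS = """src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
198.51.100.10,3389,203.0.113.5,41822,udp,400,504000
198.51.100.77,3389,203.0.113.5,41822,udp,350,441000
192.0.2.44,3389,203.0.113.5,41822,udp,500,630000
192.0.2.90,3389,203.0.113.9,50111,udp,12,1480
192.0.2.44,53,203.0.113.5,5353,udp,20,2400
198.51.100.10,3389,203.0.113.5,41822,tcp,50,63000
"""


def find_reflection_targets(flow_csv):
    """Summarise hosts receiving traffic shaped like RDP/UDP reflection."""
    seen = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["src_port"]) != RDP_UDP_PORT:
            continue
        packets, size = int(row["packets"]), int(row["bytes"])
        # Assumes the exporter counts bytes the same way as the 1,260-byte figure.
        if packets == 0 or size != packets * ATTACK_PACKET_BYTES:
            continue
        entry = seen[row["dst_ip"]]
        entry["reflectors"].add(row["src_ip"])
        entry["packets"] += packets
        entry["bytes"] += size
    alerts = {}
    for dst, e in seen.items():
        if len(e["reflectors"]) >= MIN_REFLECTORS and e["packets"] >= MIN_PACKETS:
            alerts[dst] = {
                "reflectors": len(e["reflectors"]),
                "packets": e["packets"],
                "bytes": e["bytes"],
                # Rough size of the spoofed requests behind this flood.
                "est_request_bytes": round(e["bytes"] / AMPLIFICATION_FACTOR),
            }
    return alerts


if __name__ == "__main__":
    for target, summary in find_reflection_targets(SAMPLE_FLOWS).items():
        print(target, summary)
```

Run in the other direction, the same filter on outbound flows shows which of your own RDP hosts are being used as reflectors.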
Source: "Windows RDP servers are being abused to amplify DDoS attacks" (227 words), posted on www.zdnet.com on January 22, 2021.