Protocols Vulnerable to DDos Attacks

15/10/2021

As part of the Technology Hour included in the LACNIC 36 LACNOG 2021 program, LACNIC CSIRT presented a study on protocols that can be leveraged by DDoS attacks in Latin America and the Caribbean.

The purpose of the initiative was to improve the security levels of the systems that use IP resources in the LACNIC service region and thus contribute to Internet stability and resilience by minimizing their potential use in DDoS attacks.

In his presentation, LACNIC security analyst Guillermo Pereyra observed that attacks generally seek to affect the availability of a system or its speed. For example, when a person wants to visit a website, the goal of the attackers is for the website not to be available or for it to take longer than usual to respond, therefore making it difficult to access. “That is not good for information security; in fact, it is exactly what the attackers are trying to do,” he added.

Uncontrolled attacks. Multiple attack vectors are used, including the protocols exposed to the Internet. These allow the amplification of responses to certain queries and are used in various systems without the necessary security checks or configurations.

Pereyra listed the protocols the study found in our region that can amplify this type of attacks. 

The project also attempted to improve security systems and contribute to Internet security and resilience, in this case by reducing denial-of-service attacks.  

The study allowed identifying which systems expose open protocols in the LAC region and then alerting the affected organizations by sending emails with recommendations, as well as by holding joint meetings to help them solve their issues.

Pereyra stressed that LACNIC has experience in closing open protocols and that the idea behind this project had always been to help operators to correct these situations.

According to the statistics gathered by the study, a few organizations concentrate a large number of open protocols. Consequently, the project focused on the most affected organizations and contacted them to correct the situation. 

He concluded his presentation by stressing that, in the future, LACNIC will make the project public and organize a webinar with stakeholders to help them find solutions together.