Daily illinois - USA | News, Sports & Updates Web Magazine
DDoSers are abusing Microsoft RDP to make attacks more powerful

by Staff Writer
January 25, 2021
in Science & Tech
DDoS-for-hire services are abusing the Microsoft Remote Desktop Protocol to increase the firepower of distributed denial-of-service attacks that paralyze websites and other online services, a security firm said this week.

Typically abbreviated as RDP, Remote Desktop Protocol is the underpinning for a Microsoft Windows feature that allows one device to log into another device over the Internet. RDP is mostly used by businesses to save employees the cost or hassle of having to be physically present when accessing a computer.

As is typical with many authenticated systems, RDP responds to login requests with a much longer sequence of bits that establishes a connection between the two parties. So-called booter/stresser services, which for a fee will bombard Internet addresses with enough data to take them offline, have recently embraced RDP as a means to amplify their attacks, security firm Netscout said.

The amplification allows attackers with only modest resources to increase the volume of data they direct at targets. The technique works by bouncing a relatively small amount of data at the amplifying service, which in turn reflects a much larger amount of data at the final target. With an amplification factor of 85.9 to 1, 10 gigabytes-per-second of requests directed at an RDP server will deliver roughly 860Gbps to the target.

“Observed attack sizes range from ~20 Gbps – ~750 Gbps,” Netscout researchers wrote. “As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, RDP reflection/amplification has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population.”

DDoS amplification attacks date back decades. As legitimate Internet users collectively block one vector, attackers find new ones to take their place. DDoS amplifiers have included open DNS resolvers, the WS-Discovery protocol used by IoT devices, and the Internet’s Network Time Protocol. One of the most powerful amplification vectors in recent memory is the so-called memcached protocol, which has a factor of 51,000 to 1.

DDoS amplification attacks work by using UDP network packets, which are easily spoofable on many networks. An attacker sends the vector a request and spoofs the headers to give the appearance the request came from the target. The amplification vector then sends the response to the target whose address appears in the spoofed packets.

There are about 33,000 RDP servers on the Internet that can be abused in amplification attacks, Netscout said. Besides using UDP packets, RDP can also rely on TCP packets.

Netscout recommended that RDP servers be accessible only over virtual private network services. In the event RDP servers offering remote access over UDP can’t be immediately moved behind VPN concentrators, administrators should disable RDP over UDP as an interim measure.

Besides harming the Internet as a whole, unsecured RDP servers can be a hazard to the organizations that expose them to the Internet.

“The collateral impact of RDP reflection/amplification attacks is potentially quite high for organizations whose Windows RDP servers are abused as reflectors/amplifiers,” Netscout explained. “This may include partial or full interruption of mission-critical remote-access services, as well as additional service disruption due to transit capacity consumption, state-table exhaustion of stateful firewalls, load balancers, etc.”
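For administrators who want to check whether their own RDP host is being used as a reflector, the sketch below is an added example (not from the article or from Netscout) that scans flow records for the pattern described above: large UDP replies from the RDP port to a peer that sent little and never opened a TCP RDP session. The CSV layout, the thresholds, the addresses, and the assumption that a legitimate RDP-over-UDP session accompanies a TCP session on the default port 3389 are all choices made for this illustration.

```python
import csv
import io
from collections import defaultdict

RDP_PORT = 3389          # default RDP port (TCP and UDP)
MIN_RATIO = 20.0         # assumed alert threshold: bytes out / bytes in
MIN_BYTES_OUT = 100_000  # assumed floor so tiny exchanges are ignored

# Constructed flow records seen at the edge of an RDP host (10.0.0.5).
# 198.51.100.7 has a normal session (TCP plus the UDP side channel);
# 203.0.113.9 appears only on UDP and receives far more than it "sent".
SAMPLE_FLOWS = """proto,src,sport,dst,dport,bytes
tcp,198.51.100.7,50211,10.0.0.5,3389,42000
tcp,10.0.0.5,3389,198.51.100.7,50211,910000
udp,198.51.100.7,50212,10.0.0.5,3389,30000
udp,10.0.0.5,3389,198.51.100.7,50212,700000
udp,203.0.113.9,53124,10.0.0.5,3389,4000
udp,10.0.0.5,3389,203.0.113.9,53124,340000
udp,203.0.113.9,40000,10.0.0.5,3389,2000
udp,10.0.0.5,3389,203.0.113.9,40000,170000
"""

def find_reflection_suspects(flow_csv, min_ratio=MIN_RATIO, min_out=MIN_BYTES_OUT):
    """Return [(server, peer, bytes_in, bytes_out, ratio)] for suspicious peers."""
    udp_in = defaultdict(int)    # (server, peer) -> request bytes received
    udp_out = defaultdict(int)   # (server, peer) -> response bytes sent
    tcp_peers = set()            # (server, peer) pairs with a TCP RDP session
    for row in csv.DictReader(io.StringIO(flow_csv)):
        size = int(row["bytes"])
        if int(row["dport"]) == RDP_PORT:      # peer -> server
            key = (row["dst"], row["src"])
            if row["proto"] == "udp":
                udp_in[key] += size
            else:
                tcp_peers.add(key)
        elif int(row["sport"]) == RDP_PORT:    # server -> peer
            key = (row["src"], row["dst"])
            if row["proto"] == "udp":
                udp_out[key] += size
    suspects = []
    for key, sent in udp_out.items():
        received = udp_in.get(key, 0)
        ratio = sent / received if received else float("inf")
        # Heuristic: UDP replies with no TCP session and a lopsided byte ratio.
        if key not in tcp_peers and sent >= min_out and ratio >= min_ratio:
            suspects.append((key[0], key[1], received, sent, round(ratio, 1)))
    return sorted(suspects)
```

On the constructed sample, the peer with a matching TCP session is ignored even though its UDP byte ratio is above the threshold, while the UDP-only peer is reported with a ratio of 85.0.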



Source by arstechnica.com

Copyright © 2020 Dailyillinois.com.
