Thousands of online systems could be victim of dangerous new DoS attack

News
By Sead Fadilpašić
published

Researchers discover a new way to DoS hundreds of thousands of systems

Concept art representing cybersecurity principles
Nytt DDoS-rekord (Image credit: Shutterstock / ZinetroN)

Hackers can render network services completely useless, by putting them in an infinite communications loop. The loop generates large volumes of traffic, which is why the attack is being dubbed “Loop DoS”.

This looped denial-of-service attack was discovered by cybersecurity researchers at the CISPA Helmholtz-Center for Information Security, BleepingComputer reports. It abuses a vulnerability in the User Datagram Protocol (UDP), which allows for IP spoofing and doesn’t properly verifies traffic packets. 

The vulnerability is tracked as CVE-2024-2169, and by exploiting it, the researchers put the vulnerable endpoints into an endless loop of traffic generation. As a result, the target systems were unable to service legitimate requests. All it takes is a single host sending one message that starts the communications loop.

Endless loop DoS

Researchers from the Carnegie Mellon CERT Coordination Center (CERT/CC) hint that the vulnerability is relatively dangerous, as it allows threat actors to turn a service unusable, or even worse - cause entire networks to go offline. 

CISPA’s Yepeng Pan, and Professor Dr. Christian Rossow, claim that multiple protocols are vulnerable, including both outdated ones (QOTD, Chargen, Echo), and those currently in use (DNS, NTP, TFTP).

"If two application servers have a vulnerable implementation of said protocol, an attacker can initiate a communication with the first server, spoofing the network address of the second server (victim)," CERT/CC said. "In many cases, the first server will respond with an error message to the victim, which will also trigger a similar behavior of another error message back to the first server." 

Roughly 300,000 internet hosts are said to be vulnerable to this exploit, with Broadcom, Cisco, Honeywell, Microsoft, and MikroTik all confirming being affected. 

The flaw is relatively easy to exploit, the researchers added, but concluded that there is no evidence that anyone used it already.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.