New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems

New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Called Loop DoS attacks, the approach pairs “servers of these protocols in such a way that they communicate with each other indefinitely,” researchers from the CISPA Helmholtz-Center for Information Security said.

UDP, by design, is a connectionless protocol that does not validate source IP addresses, making it susceptible to IP spoofing.

Put simply, given two application servers running a vulnerable version of the protocol, a threat actor can initiate communication with the first server by spoofing the address of the second server, causing the first server to respond to the victim (i.e., the second server) with an error message.

The victim, in turn, will also exhibit similar behavior, sending back another error message to the first server, effectively exhausting each other’s resources and making either of the services unresponsive.

CISPA said an estimated 300,000 hosts and their networks can be abused to carry out Loop DoS attacks.

While there is currently no evidence that the attack has been weaponized in the wild, the researchers warned that exploitation is trivial and that multiple products from Broadcom, Cisco, Honeywell, Microsoft, MikroTik, and Zyxel are affected.