New ‘Loop DoS’ Attack Affects Numerous Systems

A new form of denial-of-service (DoS) attack, known as a Loop DoS attack, has emerged, posing a significant risk to hundreds of thousands of systems. Researchers have identified this attack vector, which targets application-layer protocols using User Datagram Protocol (UDP).

The attack works by pairing servers of these protocols in a way that causes them to communicate indefinitely. This leads to a self-perpetuating loop that generates large volumes of traffic, resulting in a denial-of-service for the systems or networks involved. This attack is particularly effective against certain UDP implementations, including DNS, NTP, TFTP, Active Users, Daytime, Echo, Chargen, QOTD, and Time.

UDP’s design, which lacks source IP address validation, makes it vulnerable to IP spoofing. Attackers can exploit this vulnerability by forging UDP packets that include the victim’s IP address, causing the destination server to respond to the victim instead of the attacker. This type of attack is known as a reflected denial-of-service (DoS) attack.

The researchers explained that even the attackers themselves are unable to stop the attack once it is initiated. By exploiting vulnerabilities in the UDP protocol, threat actors can initiate communication between two application servers running a vulnerable version of the protocol. This causes the servers to exhaust each other’s resources, making them unresponsive.

While there is no evidence that this attack has been used in the wild, the researchers warned that its exploitation is straightforward. They identified multiple products from Broadcom, Cisco, Honeywell, Microsoft, MikroTik, and Zyxel that are affected by this vulnerability.

To prevent ‘Loop DoS’ attacks, organizations should implement network-level protections such as rate limiting, traffic filtering, and ingress and egress filtering. Additionally, ensuring that systems are updated with the latest security patches and conducting regular security audits can help mitigate the risk of such attacks. Organizations should also consider implementing intrusion detection and prevention systems (IDPS) to detect and block suspicious traffic patterns indicative of ‘Loop DoS’ attacks.