12 Cyber Threats Trying to Ruin Your Holiday Uptime


‘Tis the season for holiday cheer, twinkling lights, and… DDoS attacks? While you’re decking the halls and checking your list twice, cyber attackers are working overtime to ruin someone’s holiday uptime. But fear not! Just like Santa has his naughty and nice list, we’ve compiled our own special countdown: the 12 Days of Christmas Attacks that SmartWall ONE™ blocks to keep your networks merry and bright.

Unwrapping the DDoS Threats Your Network Faces

Grab your hot cocoa, settle in by the firewall (see what we did there?), and join us as we unwrap the not-so-festive gift of DDoS attack vectors—and how SmartWall ONE keeps them from stealing your Christmas joy.

Sing along as we count down the threats we keep at bay.

On the twelfth day of Christmas, my SmartWall ONE blocked for me:

Christmas Tree Attacks

This couldn’t go without mentioning! An “old-school” vector where all options or flags (for example, in TCP) are set to “light the packet up like a Christmas tree.”

Our SmartWall ONE mitigates TCP packets with invalid flag combinations automatically using built-in features, such as Packet Rules and Smart-Rules. This means that however many destination IPs are being targeted, the attack will be completely blocked.
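To make "invalid flag combinations" concrete, here is an added example (not Corero's code, and not a description of how SmartWall ONE works internally) that reads the flag byte of a raw TCP header and names the reason a combination cannot occur in a well-behaved connection. The function names and the constructed sample headers are hypothetical.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from byte 13 of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13] & 0x3F

def flag_anomaly(flags: int):
    """Return why a flag combination is invalid, or None if it is plausible."""
    if flags == 0:
        return "null"                      # no flags at all
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG):
        return "xmas"                      # FIN+PSH+URG lit together
    if flags & SYN and flags & (FIN | RST):
        return "syn-with-fin-or-rst"       # opens and closes in one segment
    if flags & FIN and flags & RST:
        return "fin-with-rst"
    if not flags & ACK and flags & (FIN | PSH | URG):
        return "no-ack"                    # only SYN or RST may omit ACK
    return None

def build_header(flags: int) -> bytes:
    """Constructed 20-byte TCP header used only as sample input."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 1024, 0, 0)

def screen(headers):
    """Split raw headers into flags that pass and (flags, reason) drops."""
    kept, dropped = [], []
    for header in headers:
        flags = tcp_flags(header)
        reason = flag_anomaly(flags)
        if reason:
            dropped.append((flags, reason))
        else:
            kept.append(flags)
    return kept, dropped

# Constructed sample: SYN, SYN+ACK, PSH+ACK, all flags, FIN+PSH+URG,
# SYN+FIN, no flags, FIN+ACK.
SAMPLE = [build_header(f) for f in (0x02, 0x12, 0x18, 0x3F, 0x29, 0x03, 0x00, 0x11)]

if __name__ == "__main__":
    print(screen(SAMPLE))
```

Because the decision depends only on the packet's own header, the same check applies no matter how many destination addresses the flood is spread across.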

Carpet Bomb Attacks

Carpet bombing refers to attacks that target an entire subnet or multiple subnets. This can be tricky for solutions designed for single target IPs or when diverting traffic to mitigation infrastructure.

Our in-line SmartWall ONE offers sub-second protection against this attack methodology, with features across the platform designed for both single IPs and subnets.
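Why per-destination thresholds miss carpet bombing, as an added example (not Corero's code): traffic is aggregated per subnet as well as per IP, and a subnet is flagged when its total is high although no single host crosses its own limit. The thresholds, function names and flow samples are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def find_carpet_bombing(flows, per_ip_limit, per_subnet_limit, prefix_len=24):
    """Flag subnets whose aggregate rate is high although no single host's is.

    flows: iterable of (dst_ip, packets_per_second) for one measurement interval.
    Returns {subnet: (total_pps, distinct_targets)}.
    """
    per_ip = defaultdict(int)
    for dst, pps in flows:
        per_ip[dst] += pps

    total = defaultdict(int)       # subnet -> summed pps
    targets = defaultdict(int)     # subnet -> number of destinations seen
    single_target = set()          # subnets where one host alone trips its limit
    for dst, pps in per_ip.items():
        net = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        total[net] += pps
        targets[net] += 1
        if pps > per_ip_limit:
            single_target.add(net)

    return {net: (total[net], targets[net])
            for net in total
            if total[net] > per_subnet_limit and net not in single_target}

def per_ip_alerts(flows, per_ip_limit):
    """What a per-destination threshold alone would report."""
    return sorted(dst for dst, pps in flows if pps > per_ip_limit)

# Constructed sample (documentation address ranges): 200 hosts in one /24 at
# 900 pps each, one ordinary host, and one classic single-target flood.
SAMPLE_FLOWS = ([(f"203.0.113.{i}", 900) for i in range(1, 201)]
                + [("198.51.100.10", 600), ("192.0.2.7", 250_000)])

if __name__ == "__main__":
    print("per-IP view:    ", per_ip_alerts(SAMPLE_FLOWS, 1000))
    print("per-subnet view:", find_carpet_bombing(SAMPLE_FLOWS, 1000, 50_000))
```

In the sample, the per-IP view reports only the single-target flood, while the subnet view surfaces the 180,000 pps spread thinly across 203.0.113.0/24.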

SYN Flood Attacks

TCP SYNs form an integral part of the TCP 3-Way-Handshake required for normal TCP communication, but flooding servers with these small, legitimately used packets consumes resources, making services unavailable.

Our SmartWall ONE built-in Smart-Rules and Threat Awareness features mitigate SYN Floods, ensuring your business-critical services stay online.

Multi Vector Attacks

These days it’s becoming rare to see just one attack vector used in an attack.  Vectors are grouped together using widely available tools, and defenses are continually tested, perhaps as a form of distraction from other nefarious activities.

Our SmartWall ONE provides a broad set of mitigation techniques, capable of operating in parallel at extremely high packet rates.

CoAP (Constrained Application Protocol) Amplification/Reflection Attacks

This simple, web-based application-layer protocol from the IETF was designed to mimic HTTP. Abusable IoT devices are identified (via scans), and the attacker launches a spoofed flood with the source IP set to the victim. The compromised IoT devices respond to the victim with multiple, much larger amplified packets, overwhelming the victim.

Our DDoS Intelligence Service contains specific filters for this vector, providing intrinsic mitigation to protect your assets.

Multicast DNS Reflection DDoS Attacks

Thousands of spoofed DNS requests are sent from compromised devices to legitimate DNS servers, which in turn send the answers to these fake requests to the victim, causing capacity overload.

Our SmartWall ONE comes with baked-in DNS protection mechanisms covering this attack vector, allowing legitimate DNS and blocking only the attack.

Gaming Static Token DDoS Attacks

Gaming services frequently come under attack through simple but effective vectors, such as sending large volumes of packets which are used legitimately as part of the gaming protocol, to overwhelm the game server and cause disruption for other players or to the gaming provider itself.

Our SmartWall ONE DDoS Intelligence Service contains gaming service protection filters, derived from real-world attacks, protecting many gaming hosting providers.

AISURU Botnet Attacks

This botnet, first identified by XLab and leveraging compromised router firmware, has made many headlines in recent months, and it doesn’t seem to be slowing down. Attacks from this botnet have used many vectors, including UDP, TCP SYN and DNS amplification, and are mostly noted as very short-lived attacks, but of previously unheard-of volumes.

Our SmartWall ONE and DDoS Intelligence Service cover many of the attack vectors used by this and other botnet variants such as Mirai.  Our broad toolset will have a mechanism to protect against new vectors automatically.

Weaponized Middlebox Attacks

Devices such as firewalls used within censorship infrastructure are abused to launch massive, long-duration TCP reflective amplification DDoS attacks.  These can be complex attacks to unravel, with many vectors which change over time.

Our SmartWall ONE DDoS Intelligence Service has you covered. The service protects against TCP middlebox vectors, plus constant monitoring allows new vectors to be identified and added in-between software releases, keeping your defenses up to date.

NTP Monlist Amplification Attacks

An extremely common amplification vector whereby the attacker exploits functionality in NTP (Network Time Protocol, used to synchronize clocks) by sending small, crafted, spoofed UDP requests to an NTP server, which then sends much larger responses to the victim (the spoofed IP), causing it to be overwhelmed.

Our SmartWall ONE intrinsically mitigates this using built-in Packet Rules.  This means that, however large or small, the attack will be completely blocked.

Memcached Amplification Attacks

Memcached is a free, open-source system employed to speed up websites by caching objects and data in RAM.  In this attack, a request is sent to the server on port 11211, spoofing the IP address of the victim. The request sent to the server is composed of just a few bytes, while the response can be tens of thousands of times larger, resulting in an amplification attack. 

Our SmartWall ONE built-in Smart-Rule features provide an effective and safe technique to mitigate Memcached and other amplification vectors.

SSDP Reflection Attacks

Simple Service Discovery Protocol (typically running on UDP/1900) is part of the Universal Plug and Play (UPnP) architecture and is used to advertise and discover network services.  In SSDP reflection attacks, the attacker creates spoofed discovery packets which are sent (often via botnets) to plug-and-play devices.  Like other amplification vectors, these packets are crafted to solicit the largest response from the devices (up to 30 times larger than the original request), which is then sent to the victim causing capacity to be overwhelmed.

Our SmartWall ONE Solution offers a flexible, tailorable configuration to make your mitigation as strict as required.
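The CoAP, NTP, Memcached and SSDP vectors above share one observable trait on the victim side: UDP responses arrive from a reflector's service port without the victim ever having asked. The added example below (not Corero's code, and not how SmartWall ONE is implemented) summarises such unsolicited responses per vector; the function name, record layout and packet samples are constructed.

```python
from collections import defaultdict

# UDP source ports of the reflector services named in this article. 11211 and
# 1900 are stated in the text; 123 (NTP) and 5683 (CoAP) are the standard
# registered ports and are not taken from the page.
REFLECTOR_PORTS = {123: "ntp", 5683: "coap", 11211: "memcached", 1900: "ssdp"}

def unsolicited_reflection(packets, protected):
    """Summarise inbound UDP from reflector ports that answers no request of ours.

    packets: time-ordered (src_ip, src_port, dst_ip, dst_port, length) tuples.
    protected: set of local IPs. Returns {vector: (packets, bytes, reflectors)}.
    """
    asked = set()                       # (local_ip, remote_ip, remote_port)
    stats = defaultdict(lambda: [0, 0, set()])
    for src, sport, dst, dport, length in packets:
        if src in protected:            # outbound: remember whom we queried
            asked.add((src, dst, dport))
            continue
        vector = REFLECTOR_PORTS.get(sport)
        if dst not in protected or vector is None:
            continue
        if (dst, src, sport) in asked:  # reply to our own request, e.g. NTP sync
            continue
        entry = stats[vector]
        entry[0] += 1
        entry[1] += length
        entry[2].add(src)
    return {v: (n, size, len(srcs)) for v, (n, size, srcs) in stats.items()}

# Constructed capture using documentation address ranges.
VICTIM = "198.51.100.20"
SAMPLE_PACKETS = (
    [(VICTIM, 50000, "192.0.2.1", 123, 48),       # our own NTP query
     ("192.0.2.1", 123, VICTIM, 50000, 48)]       # its solicited reply
    + [(f"203.0.113.{i}", 123, VICTIM, 80, 468) for i in range(1, 11)]
    + [("203.0.113.50", 11211, VICTIM, 80, 1400)] * 5
    + [("203.0.113.60", 1900, VICTIM, 80, 320)] * 3
    + [("192.0.2.53", 53, VICTIM, 40000, 120)]    # port not in the table
)

if __name__ == "__main__":
    print(unsolicited_reflection(SAMPLE_PACKETS, {VICTIM}))
```

A production version would expire entries in the request table after a short timeout so that an old query cannot excuse a later flood from the same server.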

Don’t Let Grinches Steal Your Uptime

There you have it—12 attack vectors that threaten to turn your silent night into a chaotic one. But with SmartWall ONE protecting you with more layers than a festive sweater, these threats don’t stand a chance.

While cyber attackers are busy scheming new ways to cause mischief, our solution is busy blocking attacks with sub-second precision, comprehensive mitigation techniques, and around-the-clock protection. Because the only thing that should crash during the holidays is you on the couch after too much eggnog—not your network.

From all of us at Corero Network Security, we wish you a peaceful, protected, and joyful holiday season. May your networks be stable, your uptime be flawless, and your New Year be filled with zero DDoS incidents. Happy Holidays and Happy Mitigating!

Ready to give your network the gift of uninterrupted protection? Contact us today to learn how SmartWall ONE can keep your infrastructure secure all year long.
