Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols

idw-News App:

Share on:

03/19/2024 07:36

Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols

Eva Michely Unternehmenskommunikation
CISPA Helmholtz Center for Information Security

A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the
User Datagram Protocol (UDP) for end-to-end communication. ‘Application-layer Loop
DoS Attacks’ pair servers of these protocols in such a way that they communicate with
each other indefinitely. The vulnerability affects both legacy (e.g., QOTD, Chargen, Echo)
and contemporary (e.g., DNS, NTP, and TFTP) protocols. Discovered by researchers of the
CISPA Helmholtz-Center for Information Security, the attack puts an estimated 300,000
Internet hosts and their networks at risk.

The newly discovered DoS loop attack is self-perpetuating and targets application-layer
messages. It pairs two network services in such a way that they keep responding to one
another’s messages indefinitely. In doing so, they create large volumes of traffic that result in a denial of service for involved systems or networks. Once a trigger is injected and the loop set in motion, even the attackers are unable to stop the attack. Previously known loop attacks occurred on the routing layer of a single network and were limited to a finite number of loop iterations.

An estimated 300,000 Internet hosts can be abused

Discovered by CISPA researchers Yepeng Pan and Professor Dr. Christian Rossow, application-layer loop DoS attacks are likely to concern a total of 300,000 Internet hosts. So far, Pan and Rossow have confirmed vulnerabilities for TFTP, DNS and NTP implementations as well as for the six legacy protocols Daytime, Time, Active Users, Echo, Chargen and QOTD. These protocols are widely used to provide basic functionalities on the Internet. While NTP, for instance, allows for time synchronization between computers, DNS matches domain names to their corresponding IP addresses. TFTP enables the transmission of files without user authentication.

Attacks can be triggered from a single spoofing-capable host

Application-layer loop DoS attacks rely on IP spoofing and can be triggered from a single
spoofing-capable host. “For instance, attackers could cause a loop involving two faulty TFTP servers by injecting one single, IP-spoofed error message. The vulnerable servers would then continue to send each other TFTP error messages, putting stress on both servers and on any network link between them”, Rossow explains. Pan stresses the novelty of this attack vector: “The application-level loops we discovered differ from known network-layer loops. Hence, existing packet lifetime checks employed at the network level are unable to interrupt application-layer loops.”

Easy to exploit

“As far as we know, this kind of attack has not yet been carried out in the field. It would,
however, be easy for attackers to exploit this vulnerability if no action were taken to mitigate
the risk”, Rossow says. In December 2023, Rossow and Pan disclosed their discovery to the
affected vendors and a trusted operator community. The two CISPA researchers coordinated a plan for the publication of an attack-specific advisory and started a notification campaign
together with The Shadowserver Foundation.

Contact for scientific information:

Prof. Dr. Christian Rossow
rossow@cispa.de
https://cispa.de/en/people/rossow

More information:

https://cispa.saarland/group/rossow/Loop-DoS From March 19, 2024, the attack specific advisory will be accessible via this link.

Images

Illustration "Application-Layer Loop DoS Attacks"

CISPA

Criteria of this press release:
Journalists, Scientists and scholars, Students
Information technology
transregional, national
Research results
English

Extent of search

Search in Press Releases Search in Events

Type of press release

Types of events

Subject areas

- Advanced scientific education [i]
- Contests / awards [i]
- Cooperation agreements [i]
- Miscellaneous scientific news/publications [i]
- Organisational matters [i]
- Personnel announcements [i]
- Press events [i]
- Research projects [i]
- Research results [i]
- Schools and science [i]
- Science policy [i]
- Scientific conferences [i]
- Scientific Publications [i]
- Studies and teaching [i]
- Transfer of Science or Research [i]
- Select all
- (Student) information event / Fair [i]
- Conference / symposium / (annual) conference
- Excursion
- Exhibition / cultural event / festival [i]
- Presentation / colloquium / lecture [i]
- Press conferences [i]
- Programms for children + young people [i]
- Seminar / workshop / discussion [i]
- Select all
- Art / design [i]
- Biology [i]
- Chemistry [i]
- Construction / architecture [i]
- Cultural sciences [i]
- Economics / business administration [i]
- Electrical engineering [i]
- Energy [i]
- Environment / ecology [i]
- Geosciences [i]
- History / archaeology
- Information technology [i]
- Language / literature [i]
- Law [i]
- Materials sciences [i]
- Mathematics [i]
- Mechanical engineering [i]
- Media and communication sciences [i]
- Medicine [i]
- Music / theatre [i]
- Nutrition / healthcare / nursing [i]
- Oceanology / climate [i]
- Philosophy / ethics [i]
- Physics / astronomy [i]
- Politics [i]
- Psychology [i]
- Religion [i]
- Social studies [i]
- Sport science [i]
- Teaching / education [i]
- Traffic / transport [i]
- Zoology / agricultural and forest sciences [i]
- interdisciplinary [i]
- Select all

Date of publication

Start date

End date

- Austria
- Denmark
- France
- Germany
- Hungary
- Israel
- Italy
- Japan
- Liechtenstein
- Luxembourg
- Netherlands
- Sweden
- Switzerland
- United Kingdom
- other
- Select all
- English
- German
- Baden-Württemberg
- Bayern
- Berlin
- Brandenburg
- Bremen
- Hamburg
- Hessen
- Mecklenburg-Vorpommern
- Niedersachsen
- Nordrhein-Westfalen
- Rheinland-Pfalz
- Saarland
- Sachsen
- Sachsen-Anhalt
- Schleswig-Holstein
- Thüringen
- Select all
- Burgenland
- Carinthia
- Lower Austria
- Salzburg
- Styria
- Tyrol
- Upper Austria
- Vienna
- Vorarlberg
- Select all
- Aargau
- Appenzell Ausserrhoden
- Appenzell Innerrhoden
- Basel-Landschaft
- Basel-Stadt
- Bern
- Fribourg
- Geneva
- Glarus
- Graubünden
- Jura
- Lucerne
- Neuchâtel
- Nidwalden
- Obwalden
- Schaffhausen
- Schwyz
- Solothurn
- St. Gallen
- Thurgau
- Ticino
- Uri
- Valais
- Vaud
- Zug
- Zürich
- Select all

Selected relevance for distribution when published

Target groups

- local
- regional
- transregional, national
- international
- Select all
- Business and commerce
- Journalists
- Scientists and scholars
- Students
- Teachers and pupils
- all interested persons
- Select all

idw-News App:

Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols

Eva Michely Unternehmenskommunikation CISPA Helmholtz Center for Information Security

Contact for scientific information:

More information:

Advanced Search

Extent of search

Date of publication

Help

Search / advanced search of the idw archives

Combination of search terms

Brackets

Phrases

Selection criteria

Eva Michely Unternehmenskommunikation
CISPA Helmholtz Center for Information Security