Over 100,000 devices can be used to amplify DDoS attacks via multicast DNS

Over 100,000 devices have a misconfigured service called multicast DNS that accepts requests from the Internet and can potentially be abused to amplify distributed denial-of-service (DDoS) attacks.

The multicast Domain Name System (mDNS) is a protocol that allows devices on a local network to discover each other and their services. It is used both by PCs and embedded devices like network attached storage (NAS) systems, printers and others.

The mDNS protocol allows queries to be sent to a specific machine using its unicast address. However, the official specification recommends that when receiving such queries, the mDNS service should check before responding that the address that made the request is located in the same local subnet. If it’s not, the request should be ignored.

A security researcher named Chad Seaman discovered that some mDNS implementations don’t follow this recommendation and will respond to mDNS queries received from the Internet. The problem with this behavior is twofold.

Read the Full Article: Source – PC World
http://www.pcworld.com/article/2904972/over-100000-devices-can-be-used-to-amplify-ddos-attacks-via-multicast-dns.html

source not found

Related Article

Leave a Reply