Level 3 Warns of New DDoS Attack Vector
In hopes of warding off significant attacks, Level 3 Communications is trying to spread the word among ISPs of a major new distributed denial of service (DDoS) threat. The threat was identified after Level 3’s security monitoring detected unusual activity that appeared to be bad actors testing out and then using a new DDoS threat vector, Portmapper.
Portmapper services run on a standard server and are generally used only in corporate networks to identify available services that can be connected to from the network. According to intelligence from Level 3 Communications Inc. (Nasdaq: LVLT), however, there are 1.1 million of these servers on the public Internet. Bad actors are currently sweeping the Internet looking for these servers and using them to launch amplified DDoS attacks, in a method similar to that used a couple of years ago to launch the largest DDoS attacks ever, using Network Time Protocol (NTP) servers.
In the case of the NTP attacks, which created DDoS storms of 400 gigabits to 500 gigabits in volume, the bad guys discovered a way to forge IP addresses in launching queries of the NTP servers, says Dale Drew, chief security officer at Level 3.
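For operators who want to check whether one of their own Portmapper servers is answering the public Internet in this way, the following is an added example, not code from Level 3 or from the original article. It assumes flow records are available as simple tuples, that Portmapper listens on its well-known UDP port 111, and that `192.0.2.0/24` stands in for your own address space; the sample flows, byte counts and thresholds are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PORTMAP_PORT = 111  # well-known portmapper (rpcbind) port
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed: your own address space

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 111, "udp", 68),
    ("192.0.2.10", 111, "198.51.100.7", 40000, "udp", 1930),
    ("198.51.100.7", 40001, "192.0.2.10", 111, "udp", 68),
    ("192.0.2.10", 111, "198.51.100.7", 40001, "udp", 1930),
    ("198.51.100.7", 40002, "192.0.2.10", 111, "udp", 68),
    ("192.0.2.10", 111, "198.51.100.7", 40002, "udp", 1930),
    ("192.0.2.20", 51000, "192.0.2.11", 111, "udp", 68),    # internal client
    ("192.0.2.11", 111, "192.0.2.20", 51000, "udp", 1200),
    ("203.0.113.5", 33000, "192.0.2.12", 111, "udp", 56),   # external, small reply
    ("192.0.2.12", 111, "203.0.113.5", 33000, "udp", 28),
    ("203.0.113.9", 44000, "192.0.2.10", 111, "tcp", 400),  # not UDP, ignored
]

def is_local(ip):
    """True if the address belongs to the monitored network."""
    return ipaddress.ip_address(ip) in LOCAL_NET

def find_reflectors(flows, min_ratio=5.0, min_bytes=1000):
    """Flag local portmapper servers whose UDP replies to outside hosts dwarf the requests."""
    totals = defaultdict(lambda: [0, 0])  # server -> [bytes_in, bytes_out]
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        # Only traffic crossing the network edge counts; internal use is expected.
        if dport == PORTMAP_PORT and is_local(dst) and not is_local(src):
            totals[dst][0] += nbytes
        elif sport == PORTMAP_PORT and is_local(src) and not is_local(dst):
            totals[src][1] += nbytes
    flagged = {}
    for server, (b_in, b_out) in totals.items():
        ratio = b_out / b_in if b_in else float("inf")
        if b_out >= min_bytes and ratio >= min_ratio:
            flagged[server] = (b_in, b_out, round(ratio, 1))
    return flagged

if __name__ == "__main__":
    for server, (b_in, b_out, ratio) in find_reflectors(SAMPLE_FLOWS).items():
        print(f"{server}: {b_in} B in, {b_out} B out on UDP/111, ratio {ratio}")
```

Any server this flags is both reachable from outside and returning far more data than it receives, so the usual follow-up is to block UDP/111 at the network edge or disable the service where it is not needed.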