Trivial path for DDoS amplification attacks found by infosec bods

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial.

Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years.

Researchers at Edinburgh Napier University have discovered that the TFTP protocol (Trivial File Transfer Protocol) might be abused in a similar way. Unlike DNS and NTP, TFTP has no business being exposed on internet-facing systems. Yet port scanning research indicated that there about 599,600 publicly open TFTP servers.

Tags: