Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Overview The Universal Plug and Play UPnP protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. Description The UPnP protocol, as specified by the Open Connectivity Foundation OCF, is designed to provide automatic...

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service DDoS attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to...

1.7 Tbps DDoS Attack — ​Memcached UDP Reflections Set New Record

The bar has been raised. As more amplified attacks were expected following the record-breaking 1.35 Tbps Github DDoS attack, someone has just set a new record after only four days — 1.7 Tbps DDoS attack. Network security and monitoring company Arbor Networks claims that its ATLAS global traffic a...

CVE-2000-0041

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack...