Overview
In June of 2014, Akamai first observed a new type of DDoS attack.
The attack is a reflection-and-amplification attack powered by SSDP (Simple Service Discovery Protocol).
The protocol is used by a wide array of networked home and office devices; more than 4 million devices worldwide have been found to be vulnerable.
The attack is likely to continue evolving and expanding into the DDoS-for-hire ecosystem.
What is SSDP?
SSDP is short for Simple Service Discovery Protocol, a part of the Universal Plug and Play (UPnP) protocol standard.
Common networked home and office devices, such as webcams and routers, use it to seamlessly discover each other on a network, share data, and communicate.
Communication takes place using SOAP (Simple Object Access Protocol), which is used to deliver control messages to UPnP devices and pass information back.
By default, many devices are configured to take SOAP requests directly from the Internet, making them vulnerable to abuse by malicious actors.
Observed Campaigns
One campaign successfully mitigated by Akamai used a large number of UPnP devices to target an Akamai customer.
Peak traffic from the attacker reached 54.35 Gbps and 17.95 Mpps.
UPnP-based reflection attacks have been directed at a variety of industries since July, including entertainment, payment processing, education, media, and hosting.
[Figure: per-location values in Gbps and Mpps for the Akamai scrubbing centers in San Jose, London, Hong Kong, Washington D.C., and Frankfurt]
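How reflected SSDP traffic of this kind can be recognized on the receiving side, as an added example that is not part of the Akamai material: it flags protected hosts that receive SSDP replies they did not solicit from several distinct sources. UDP port 1900 and the M-SEARCH / HTTP 200 message forms are SSDP protocol facts not stated on the slides; the record layout, addresses, reply window and threshold are assumptions made for the example.

```python
from collections import defaultdict

SSDP_PORT = 1900        # UDP port SSDP uses (protocol fact, not stated on the slides)
RESPONSE_WINDOW = 5.0   # assumed: seconds after a host's own M-SEARCH in which replies are expected

# Constructed sample records (documentation-range addresses):
# (time_s, src_ip, src_port, dst_ip, dst_port, proto, size_bytes, payload_prefix)
SAMPLE = [
    (0.0, "203.0.113.20", 50000, "239.255.255.250", 1900, "udp", 120, b"M-SEARCH * HTTP/1.1"),
    (0.4, "203.0.113.30", 1900, "203.0.113.20", 50000, "udp", 320, b"HTTP/1.1 200 OK"),
    (10.0, "198.51.100.7", 1900, "203.0.113.10", 80, "udp", 310, b"HTTP/1.1 200 OK"),
    (10.0, "198.51.100.8", 1900, "203.0.113.10", 80, "udp", 335, b"HTTP/1.1 200 OK"),
    (10.1, "192.0.2.44", 1900, "203.0.113.10", 80, "udp", 290, b"HTTP/1.1 200 OK"),
    (10.1, "198.51.100.7", 1900, "203.0.113.10", 80, "udp", 310, b"HTTP/1.1 200 OK"),
    (10.2, "192.0.2.9", 53, "203.0.113.10", 40000, "udp", 90, b""),
]
PROTECTED = {"203.0.113.10", "203.0.113.20"}


def find_reflection_victims(packets, protected, min_reflectors=3):
    """Map each protected host to (distinct reflectors, bytes) of unsolicited SSDP replies."""
    last_search = {}                         # local host -> time of its latest M-SEARCH
    stats = defaultdict(lambda: [set(), 0])  # victim -> [reflector IPs, byte total]
    for ts, src, sport, dst, dport, proto, size, payload in sorted(packets, key=lambda p: p[0]):
        if proto != "udp":
            continue
        if src in protected and dport == SSDP_PORT and payload.startswith(b"M-SEARCH"):
            last_search[src] = ts            # this host is doing legitimate discovery
        elif dst in protected and sport == SSDP_PORT and payload.startswith(b"HTTP/1.1 200"):
            asked_at = last_search.get(dst)
            if asked_at is not None and 0 <= ts - asked_at <= RESPONSE_WINDOW:
                continue                     # reply to the host's own search
            stats[dst][0].add(src)
            stats[dst][1] += size
    return {ip: (len(refl), total) for ip, (refl, total) in stats.items()
            if len(refl) >= min_reflectors}


if __name__ == "__main__":
    for victim, (count, total) in find_reflection_victims(SAMPLE, PROTECTED).items():
        print(f"{victim}: {count} reflectors, {total} bytes of unsolicited SSDP replies")
```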
Conclusion
The DDoS ecosystem is continually evolving: just a few months after the first observed attack, several tools had already spread throughout the ecosystem and many attacks had been launched.
The massive volume of vulnerable devices and difficulties of cleanup mean that the attack is likely to become a continuing part of the DDoS-for-hire ecosystem.
Further development and refinement of the UPnP attack is likely to continue in the near future.
Action from firmware, application, and hardware vendors will be necessary to mitigate this threat.
About Akamai
Akamai is the leading provider of cloud services for helping enterprises
provide secure, high-performing user experiences on any device,
anywhere. At the core of the Company's solutions is the Akamai
Intelligent Platform providing extensive reach, coupled with unmatched
reliability, security, visibility and expertise. Akamai helps enterprises
around the world optimize the web experience with SaaS cloud
computing solutions including web application acceleration, mobile and
web performance optimization, web media delivery and content delivery
network (CDN) services. Akamai's cloud security solutions protect online
assets against threats such as SQL Injection and DDoS attacks for
maximum information security. Akamai removes the complexities of
connecting the increasingly mobile world, supporting 24/7 consumer
demand, and enabling enterprises to securely leverage the cloud.