New Application-Layer Loop DoS Attack – 300,000 Online Systems At Risk

Denial-of-service (DoS) attacks are usually exploited by hackers to interrupt regular network and website functioning, with motives of making money or for political reasons or simply to create a mess. 

The websites or networks can be made unavailable through the Denial of Service (DoS) attack method which sends numerous requests for resources and traffic to the system.

Researchers at CISPA Helmholtz-Center for Information Security discovered a new Denial-of-Service attack vector called “Application-layer Loop DoS Attacks.” 

It targets UDP-based application protocols by pairing their servers to communicate indefinitely, affecting both legacy protocols like QOTD, Chargen, and Echo and contemporary ones like DNS, NTP, and TFTP. 

This vulnerability puts an estimated 300,000 Internet hosts and networks at risk of denial-of-service conditions.

Loop DoS Attack

The newly discovered self-perpetuating DoS loop attack targets application-layer messages by pairing two network services that keep responding indefinitely, creating large traffic volumes resulting in denial of service. 

Once triggered, even attackers cannot stop it. Previously, loop attacks occurred on routing layers with finite iterations. 

This attack by CISPA researchers concerns 300,000 Internet hosts, confirming vulnerabilities in TFTP, DNS, NTP, and six legacy protocols providing basic Internet functionalities like time synchronization, name-to-IP mapping, and unauthenticated file transfer.

Application-layer loop DoS attacks employ IP spoofing, enabling initiation from a single spoofing-capable host. 

For example, attackers could trigger a perpetual loop between two vulnerable TFTP servers by injecting one spoofed error message, causing them to exchange error messages and stress networks between them endlessly. 

These attacks differ from known network-layer loops, bypassing existing packet lifetime checks at that level and representing a novel vector unaddressed by current mitigations.

This novel attack vector is yet to be exploited in the wild, however, Rossow warns that if left unaddressed it could readily be used by malefactors. 

Rossow and Pan reported their discoveries concerning December 2023 to the relevant vendors and a consortium of trusted operators. 

Moreover, CISPA researchers coordinated with The Shadowserver Foundation for an advisory publication and notification campaign on application-layer loop DoS threat.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.