DDoSers are abusing the Plex Media Server to make attacks more potent

Enlarge (credit: Getty Images)

Distributed denial-of-service attackers have seized on a new vector for amplifying the junk traffic they lob at targets to take them offline: end users or networks using the Plex Media Server.

DDoS amplification is a technique that leverages the resources of an intermediary to increase the firepower of attacks. Rather than sending data directly to the server being targeted, machines participating in an attack first send the data to a third party in the form of a request for a certain service. The third party then responds with a much larger payload to the site the attackers want to take down.

So-called amplification attacks work by sending the third parties requests that are manipulated so they appear to have come from the target. When the third parties respond, the replies go to the target rather than the attacker device that sent the request. One of the most powerful amplifiers used in the past was the memcached database caching system, which can magnify payloads by a factor of 51,000. Other amplifiers include misconfigured DNS servers and the Network Time Protocol, to name only three.

Read 5 remaining paragraphs | Comments

Categories: digitalTech