SLP: a new DDoS amplification vector in the wild

What's this blog post about?

Researchers Pedro Umbelino and Marco Lux have discovered a new DDoS reflection/amplification attack vector, CVE-2023-29552, that exploits the Service Location Protocol (SLP). The protocol was designed for service discovery in local area networks; it has no authentication method and is not meant to be exposed to the public internet. Although SLP is obsolete, many commercial products still support it, and 35,000 Internet endpoints have their devices' SLP service exposed. The UDP version of the protocol has an amplification factor of up to 2,200x. Cloudflare customers are already protected from these attacks by the company's automated DDoS protection system. Network operators should block UDP port 427 or use Cloudflare Magic Firewall rules to prevent SLP services from being exploited and used to launch such attacks.

Company
Cloudflare

Date published
April 25, 2023

Author(s)
Alex Forster, Omer Yoachimik

Word count
311

Hacker News points
3

Language
English


By Matt Makai. 2021-2024.