300,000 Systems Vulnerable to New Loop DoS Attack

20-Mar-24

The experts have demonstrated a loop DoS attack where an attacker uses IP spoofing to get two servers to communicate with each other indefinitely over a protocol they both use.


“The newly discovered DoS loop attack is self-perpetuating and targets application-layer messages. It pairs two network services in such a way that they keep responding to one another’s messages indefinitely. In doing so, they create large volumes of traffic that result in a denial of service for involved systems or networks,” the researchers explained.


The list of protocols confirmed to be impacted includes NTP, DNS and TFTP, as well as legacy protocols such as Echo, Chargen and QOTD. However, the experts believe several others are likely impacted as well.


The new CVE identifiers CVE-2024-1309 and CVE-2024-2169 have been assigned to the vulnerabilities involved in the new loop DoS attack.


According to an advisory from the CERT Coordination Center at Carnegie Mellon University, CVE-2024-2169 has been confirmed to impact products from Broadcom, Honeywell, Microsoft, and MikroTik. Potentially impacted vendors were notified in December 2023.

Read More…