DDoS Attack Threats | SNMP Reflection Threat Advisory | Akamai Presentation



1
SNMP Reflection DDoS Attacks
  • Highlights from a Prolexic DDoS Threat Advisory

2
SNMP Attacks on the Rise
  • Since April 11, 2014, Prolexic has observed a
    marked resurgence in the use of Simple Network
    Management Protocol (SNMP) reflection attacks
  • SNMP is a commonly used protocol in many devices
    for the home and office
  • SNMP devices like printers, routers, servers,
    modems, and desktops can provide DDoS reflection
    and amplification for attackers

3
Why SNMP?
  • Although the latest version is more secure,
    devices more than about three years old use SNMP
    v2, which is openly accessible to public request
    by default
  • Protocol-based attacks rise and fall in
    popularity; right now, new SNMP reflection tools
    in the underground are driving a surge in
    popularity of this attack

4
SNMP Attack Statistics

5
SNMP Attacks in 2014
  • 14 DDoS campaigns using the protocol have been
    observed since April 11, 2014
  • As devices are discovered to be participating in
    attacks, their IP addresses are blacklisted by
    the Internet community, leading to smaller attack
    sizes
  • However, malicious actors will continue to
    identify additional devices vulnerable to SNMP
    reflection
  • The remaining vulnerable servers are continuing
    to make this attack dangerous

6
How SNMP Attacks Work
  • GetBulk dumps many values stored on the device:
    IP addresses on a router, what kind of toner is
    in the printer, or similar data
  • The tool sends GetBulk requests to vulnerable
    SNMP-enabled devices, pretending to be the target
  • The device then sends the GetBulk information to
    the target

7
How SNMP Attacks Work (continued)
  • The resulting response can be greatly amplified
  • In one real attack, a single 37-byte request
    packet generated a 64,000-byte response split
    across 44 packets
  • This is an amplification factor of more than
    1,700 times
  • Any device configured to listen to SNMP v2
    requests could become a reflector in such an
    attack
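
An added example, not part of the original presentation or the Prolexic advisory: a flow-log check a device owner could run to spot equipment that is answering external SNMP requests with heavily amplified responses. The flow tuple layout, the `INTERNAL` address range, the thresholds and the sample records are assumptions constructed for illustration; the first pair of records reuses the 37-byte request and 64,000-byte, 44-packet response quoted above.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SNMP_PORT = 161
INTERNAL = ip_network("192.0.2.0/24")  # assumption: our address space (documentation range)

# Constructed UDP flow records: (src, sport, dst, dport, packets, bytes).
SAMPLE_FLOWS = [
    # Request whose source address names the target, and the device's reply to it.
    ("203.0.113.9", 40000, "192.0.2.20", 161, 1, 37),
    ("192.0.2.20", 161, "203.0.113.9", 40000, 44, 64000),
    # Ordinary poll from an internal monitoring host.
    ("192.0.2.5", 51000, "192.0.2.30", 161, 1, 43),
    ("192.0.2.30", 161, "192.0.2.5", 51000, 1, 120),
    # External request that only gets a small answer.
    ("198.51.100.7", 33000, "192.0.2.40", 161, 1, 40),
    ("192.0.2.40", 161, "198.51.100.7", 33000, 1, 90),
]

def find_reflectors(flows, min_factor=10.0, min_bytes_out=1500):
    """Return [(device, remote, factor)] for internal devices whose SNMP
    responses to an external address are at least min_factor times the
    size of the requests received in that address's name."""
    req = defaultdict(int)  # (device, remote) -> request bytes received
    rsp = defaultdict(int)  # (device, remote) -> response bytes sent
    for src, sport, dst, dport, _pkts, nbytes in flows:
        if dport == SNMP_PORT and ip_address(dst) in INTERNAL:
            req[(dst, src)] += nbytes
        elif sport == SNMP_PORT and ip_address(src) in INTERNAL:
            rsp[(src, dst)] += nbytes
    hits = []
    for (device, remote), out_bytes in rsp.items():
        in_bytes = req.get((device, remote), 0)
        if ip_address(remote) in INTERNAL or in_bytes == 0:
            continue  # internal polling, or no request seen to compare against
        factor = out_bytes / in_bytes
        if factor >= min_factor and out_bytes >= min_bytes_out:
            hits.append((device, remote, round(factor)))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for device, remote, factor in find_reflectors(SAMPLE_FLOWS):
        print(f"{device} is amplifying toward {remote}: x{factor}")
```

Because the request's source address is forged, `remote` in a hit is the attack target rather than the sender; the actionable finding is the internal device that answered.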

8
Don't Be Part of an Attack: Configure Your SNMP
Devices Properly
  • It is essential that network administrators help
    take down vulnerable devices
  • Scan for devices on your network that have the
    default public community string and limit public
    access
  • Devices such as printers shouldn't be open to the
    Internet
  • When possible, use SNMP v3

9
Threat Advisory: NTP AMP DDoS toolkit
  • Download the threat advisory, Threat Advisory:
    SNMP Reflection DDoS Attacks
  • This DDoS threat advisory includes:
      • How to identify an attack from the SNMP
        Reflector DDoS tool
      • Analysis of the source code
      • Payload analysis
      • IDS Snort rule and attack signatures
      • Remediation instructions for owners of devices
        that support the SNMP v2 protocol

10
About Prolexic (now part of Akamai)
  • We have successfully stopped DDoS attacks for
    more than a decade
  • Our global DDoS mitigation network and 24/7
    security operations center (SOC) can stop even
    the largest attacks that exceed the capabilities
    of other DDoS mitigation service providers