Experts warn organizations that their STUN servers are being used in DDoS attacks


Operators of DDoS-for-hire services have begun using STUN servers to amplify their attacks.

Application and network performance management solutions provider NETSCOUT has alerted organizations to an increase in DDoS attacks using STUN servers.

The Session Traversal Utilities for NAT (STUN) protocol serves as a tool for other protocols that have to deal with Network Address Translator (NAT) traversal. It helps applications discover the NATs and firewalls that sit between them and the Internet, and it lets applications determine their NAT-assigned public IP addresses.

According to NETSCOUT, attackers have added STUN-based amplification and reflection techniques to their DDoS-for-hire services. Although the amplification ratio is only 2.32 to 1, UDP reflection and amplification attacks that abuse STUN services are very difficult to defend against, because blocking them tends to block legitimate traffic as well.

NETSCOUT specialists have discovered more than 75,000 STUN servers that can be used to carry out DDoS attacks. In addition, the experts recorded a large number of multi-vector attacks that included STUN.

Recorded single-vector attacks using STUN ranged in size from ~15 Gb/s to ~60 Gb/s. Multi-vector attacks reached 2 TB/s.

As the experts note, organizations whose STUN servers are abused by cybercriminals to carry out DDoS attacks may also experience disruptions themselves. NETSCOUT has provided a set of recommendations for network operators and other organizations to prevent and mitigate DDoS attacks using STUN.
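
For operators who want to check whether their own STUN server is being used as a reflector, the following is an added example (not from NETSCOUT or the original article): it parses STUN headers per RFC 5389 and flags peers whose Binding Request count in one time window exceeds a limit, since in a reflection attack the spoofed source address is the victim's. The packet tuple format, the `max_requests` threshold and all function names are assumptions made for illustration.

```python
import struct
from collections import Counter

MAGIC_COOKIE = 0x2112A442      # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101

def parse_stun_header(payload: bytes):
    """Return (message_type, body_length) for a well-formed STUN datagram, else None."""
    if len(payload) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:   # top two bits must be zero
        return None
    if length % 4 or length != len(payload) - 20:     # body is padded to 4 bytes
        return None
    return msg_type, length

def reflection_suspects(packets, max_requests=20):
    """packets: (direction, peer_ip, udp_payload) for one time window, where "in" is
    received by our STUN server and "out" is sent by it. max_requests is an assumed
    per-window limit. Returns {peer_ip: (requests, bytes_out / bytes_in)}."""
    reqs, b_in, b_out = Counter(), Counter(), Counter()
    for direction, peer, payload in packets:
        hdr = parse_stun_header(payload)
        if hdr is None:
            continue                                   # not STUN: out of scope here
        if direction == "in" and hdr[0] == BINDING_REQUEST:
            reqs[peer] += 1
            b_in[peer] += len(payload)
        elif direction == "out" and hdr[0] == BINDING_SUCCESS:
            b_out[peer] += len(payload)
    return {p: (n, round(b_out[p] / b_in[p], 2))
            for p, n in reqs.items() if n > max_requests}

def stun_message(msg_type, attrs=b"", txid=b"\x00" * 12):
    """Build a constructed sample message: 20-byte header plus attributes."""
    return struct.pack("!HHI", msg_type, len(attrs), MAGIC_COOKIE) + txid + attrs

# Constructed sample data (documentation addresses, not real traffic).
XOR_MAPPED = struct.pack("!HHBBH4s", 0x0020, 8, 0, 0x01, 0x1234, b"\x01\x02\x03\x04")
REQ = stun_message(BINDING_REQUEST)                # 20 bytes
RESP = stun_message(BINDING_SUCCESS, XOR_MAPPED)   # 32 bytes; real servers often add more
SAMPLE = ([("in", "198.51.100.7", REQ), ("out", "198.51.100.7", RESP)] * 500  # flood
          + [("in", "192.0.2.10", REQ), ("out", "192.0.2.10", RESP)] * 3     # normal client
          + [("in", "192.0.2.99", b"not stun at all, ignored")])

if __name__ == "__main__":
    print(reflection_suspects(SAMPLE))   # {'198.51.100.7': (500, 1.6)}
```

The 1.6 ratio comes from the minimal constructed response, which carries a single attribute; it is not a reproduction of the 2.32 to 1 figure cited above.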
