New DDoS attack avenue can be blocked: Level 3

News about security breaches affecting major companies is now becoming commonplace. Just two days ago, hackers posted sensitive information about users of Ashley Madison. Now Toronto-based telecom vendor Level 3 Communications has revealed a new form of DDoS reflection attack, dubbed Portmap.

According to the company, hosting and gaming companies have been hit the hardest in the past few weeks. If this vulnerability is not checked, or at least slowed down, it could affect several other verticals. Portmap is a mechanism with which Remote Procedure Call (RPC) services register themselves so that they can be called, including over the Internet. It is like a phone directory service for RPC. When a client needs a particular service, the directory is searched to find the right combination. It works on both Unix and Windows systems.

Here’s an example of how it works. Suppose you wish to mount a Windows drive on a Unix system. Portmap will kick in, tell the Unix system where the drive is actually located and provide it with the required port number.

Hackers are able to exploit Portmap because many organizations have left it running openly on the web. Hence, the hackers can use it to query a large amount of information and overwhelm the systems. Besides that, the hackers query and redirect the received data back to the organization’s enterprise systems, which paralyzes the networks.

The attack is amplified because the queries request large amounts of data, and the Portmap system sends seven to 27 times the traffic back to the organization. The company indicated that other reflection-based DDoS attacks have remained fairly steady in numbers, while Portmap attacks have increased exponentially in the past few weeks.

Level 3's findings suggest that there are over a million machines that run Portmap openly on the Internet. The simple solution to the problem would be to filter them away from the Internet. Besides Portmap, there are several other RPC-related services which connect to the Internet. These too could be used for a DDoS attack. Removing their access to the Internet should be considered a best practice, concludes the blog post.
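One way to check whether any of your own hosts are answering Portmap queries from outside with amplified responses, as an added example that is not from Level 3 or the article. It assumes flow records exported as `proto,src,sport,dst,dport,bytes`, an internal range of 10.0.0.0/8, and the portmapper's well-known port 111; the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

PORTMAP_PORT = 111                    # well-known portmapper/rpcbind port
MIN_AMPLIFICATION = 7.0               # low end of the 7x-27x range quoted above
INTERNAL = ip_network("10.0.0.0/8")   # assumption: the organization's address space

# Constructed flow records: proto,src,sport,dst,dport,bytes
SAMPLE_FLOWS = """\
udp,198.51.100.7,40001,10.1.2.3,111,68
udp,10.1.2.3,111,198.51.100.7,40001,1224
udp,198.51.100.7,40002,10.1.2.3,111,68
udp,10.1.2.3,111,198.51.100.7,40002,1224
udp,203.0.113.9,51000,10.1.2.8,111,68
udp,10.1.2.8,111,203.0.113.9,51000,96
udp,10.1.2.3,53124,192.0.2.53,53,70
tcp,10.9.9.9,50000,10.1.2.3,111,60
"""

def parse(text):
    """Yield typed tuples from the comma-separated flow lines."""
    for line in text.strip().splitlines():
        proto, src, sport, dst, dport, nbytes = line.split(",")
        yield proto, ip_address(src), int(sport), ip_address(dst), int(dport), int(nbytes)

def find_reflectors(text, internal=INTERNAL, threshold=MIN_AMPLIFICATION):
    """Return {internal_host: ratio} for hosts that answer external UDP/111
    queries with at least `threshold` times the bytes they received."""
    req = defaultdict(int)    # bytes arriving on UDP/111 from outside
    resp = defaultdict(int)   # bytes leaving from UDP/111 to outside
    for proto, src, sport, dst, dport, nbytes in parse(text):
        if proto != "udp":
            continue          # reflection relies on spoofable, connectionless UDP
        if dport == PORTMAP_PORT and dst in internal and src not in internal:
            req[dst] += nbytes
        elif sport == PORTMAP_PORT and src in internal and dst not in internal:
            resp[src] += nbytes
    # Hosts with responses but no recorded requests are skipped (no ratio to compute).
    return {str(h): round(resp[h] / req[h], 1)
            for h in resp if req[h] and resp[h] / req[h] >= threshold}

if __name__ == "__main__":
    for host, ratio in find_reflectors(SAMPLE_FLOWS).items():
        print(f"{host} answers external Portmap queries at {ratio}x; filter port 111 at the edge")
```

Any host this reports is both reachable on Portmap from the Internet and returning amplified replies, so it is a candidate for the filtering the article recommends.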

Wolston Lobo