Time
2 weeks
Location
UK
Sector
Security
Description
The client asked us to research Distributed Denial of Service (DDoS) attacks originating from UPnP (Universal Plug and Play) internet gateway devices. These attacks exploited vulnerabilities in UPnP protocol implementations across consumer devices, effectively hiding the source of the malicious traffic.
Solution
To address this issue, we developed a solution capable of detecting Internet Gateway Device (IGD) parameters when a vulnerable device initiated a DDoS attack. Having identified these parameters, it used a specifically crafted SOAP/XML payload to remove the NAT entries and close the connections responsible for sending DDoS traffic to the client’s infrastructure.
Results
The developed solution provided active defense against DDoS attacks and censorship bypassing, and helped combat issues such as spamming, phishing, and affiliate or click fraud. It successfully identified over 4.8 million devices vulnerable to UDP Simple Service Discovery Protocol (SSDP) inquiries. This information empowered the client’s security service to mitigate potential vulnerabilities by addressing and securing these devices.