Botnet operators abuse VPN servers from VPN provider Powerhouse Management to bounce and amplify junk traffic in DDoS attacks.

This new DDoS vector was discovered and documented by a security researcher who goes online by the name Phenomite, and who shared his findings with ZDNet last week.

The researcher said the root cause of this new DDoS vector is a yet-to-be-identified service running on UDP port 20811 on Powerhouse VPN servers.

According to Phenomite, attackers can ping this port with a one-byte request, and the service will often respond with packets up to 40 times the size of the original packet.

Since these packets are UDP-based, they can also be modified to include an incorrect return IP address. This means that an attacker could send a single-byte UDP packet to a Powerhouse VPN server, which would then amplify it and send it to the IP address of a victim of a DDoS attack – what security researchers call …
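The following is an added example, not code from the article or from Phenomite's research: a defender-side check over flow records that flags UDP traffic arriving from source port 20811 when no local host asked for it, and measures the response-to-request byte ratio a service shows. The flow tuple layout, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

REFLECTOR_PORT = 20811  # UDP port named in the article

# Constructed flow records (RFC 5737 documentation addresses):
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = [
    ("198.51.100.20", 51000, "203.0.113.7", 20811, 1),   # local host asks
    ("203.0.113.7", 20811, "198.51.100.20", 51000, 40),  # solicited reply
    ("203.0.113.5", 20811, "198.51.100.10", 40000, 40),  # nobody asked
    ("203.0.113.5", 20811, "198.51.100.10", 40000, 40),
    ("203.0.113.6", 20811, "198.51.100.10", 40001, 40),
    ("192.0.2.53", 53, "198.51.100.10", 33000, 120),     # other service
]
LOCAL_HOSTS = {"198.51.100.10", "198.51.100.20"}


def find_unsolicited(flows, local_hosts, port=REFLECTOR_PORT):
    """Per local host, summarise UDP traffic from `port` that answers no request."""
    # Requests our own hosts sent to the port: (local_ip, local_port, remote_ip)
    asked = {(src, sport, dst) for src, sport, dst, dport, _ in flows
             if src in local_hosts and dport == port}
    hits = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, size in flows:
        if dst in local_hosts and sport == port and (dst, dport, src) not in asked:
            hit = hits[dst]
            hit["packets"] += 1
            hit["bytes"] += size
            hit["reflectors"].add(src)
    return {ip: {**h, "reflectors": sorted(h["reflectors"])} for ip, h in hits.items()}


def amplification_ratio(flows, server, port=REFLECTOR_PORT):
    """Bytes sent from server:port divided by bytes received on it, or None."""
    received = sum(size for _, _, dst, dport, size in flows
                   if dst == server and dport == port)
    sent = sum(size for src, sport, _, _, size in flows
               if src == server and sport == port)
    return sent / received if received else None


if __name__ == "__main__":
    print(find_unsolicited(SAMPLE_FLOWS, LOCAL_HOSTS))
    print(amplification_ratio(SAMPLE_FLOWS, "203.0.113.7"))
```

A host that receives replies from port 20811 without having sent a request is on the receiving end of reflected traffic; a server operator can run the ratio check on their own flow data to see whether a listening UDP service answers with far more bytes than it receives.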


