Botnet operators abuse VPN servers from VPN provider Powerhouse Management to bounce and amplify junk traffic in DDoS attacks.
The researcher said the main cause of this new DDoS vector is a yet-to-be-identified service running on UDP port 20811 on Powerhouse VPN servers.
According to Phenomite, attackers can ping this port with a one-byte request, and the service will often respond with packets up to 40 times the size of the original packet.
Since these packets are UDP-based, they can also be modified to carry an incorrect (spoofed) return IP address. This means that an attacker could send a single-byte UDP packet to a Powerhouse VPN server, which would then amplify it and send it to the IP address of a victim of a DDoS attack – what security researchers call …
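On the receiving side, reflected traffic of this kind appears as UDP packets arriving from source port 20811 that no local host asked for. The following detection sketch is an added example, not code from the article or the researcher; the flow-record layout, the local prefix, the 5-second pairing window, the three-reflector threshold and all sample records are constructed assumptions.

```python
from collections import defaultdict

REFLECTOR_PORT = 20811  # UDP port named in the article
WINDOW = 5.0            # seconds; assumed window for pairing a reply with a request
LOCAL_PREFIX = "203.0.113."  # assumed local network (documentation range)

# Constructed flow records: (ts, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (100.0, "203.0.113.10", 51000, "198.51.100.7", 20811, "udp", 1),   # local host asks
    (100.1, "198.51.100.7", 20811, "203.0.113.10", 51000, "udp", 40),  # solicited reply
    (200.0, "198.51.100.7", 20811, "203.0.113.20", 33000, "udp", 40),  # unsolicited
    (200.2, "198.51.100.8", 20811, "203.0.113.20", 33000, "udp", 38),  # unsolicited
    (200.3, "198.51.100.9", 20811, "203.0.113.20", 33000, "udp", 40),  # unsolicited
    (200.4, "198.51.100.9", 443, "203.0.113.20", 33000, "tcp", 1200),  # unrelated TCP
]

def find_reflected(flows, local_prefix=LOCAL_PREFIX, port=REFLECTOR_PORT, window=WINDOW):
    """Return {local_ip: {"bytes": n, "reflectors": set}} for unsolicited replies."""
    requests = {}  # (local_ip, remote_ip) -> time of the last outbound request
    hits = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if src.startswith(local_prefix) and dport == port:
            requests[(src, dst)] = ts  # a local host really did query the service
        elif dst.startswith(local_prefix) and sport == port:
            asked = requests.get((dst, src))
            if asked is None or ts - asked > window:
                # Reply with no matching request: the "request" carried a
                # forged source address pointing at this local host.
                hits[dst]["bytes"] += size
                hits[dst]["reflectors"].add(src)
    return dict(hits)

def alerts(flows, min_reflectors=3):
    """Local IPs receiving unsolicited port-20811 replies from many reflectors."""
    found = find_reflected(flows)
    return sorted(ip for ip, h in found.items() if len(h["reflectors"]) >= min_reflectors)

if __name__ == "__main__":
    for ip in alerts(SAMPLE_FLOWS):
        h = find_reflected(SAMPLE_FLOWS)[ip]
        print(f"{ip}: {h['bytes']} unsolicited bytes from {len(h['reflectors'])} reflectors")
```
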