[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAG7n6UqvHZmS6Gkbw3hM_AQxfbW7TGSMkqhViFhphusBOj19RA@mail.gmail.com>
Date: Tue, 24 Jun 2014 11:31:27 +0200
From: "Pablo A." <pablo.alobera@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION
VULNERABILITIES
*R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES*
As part of our project Master Thesis, we have discovered several UDP
amplifications which can be used on distributed reflection denial of
service attacks (DRDoS). We found vulnerabilities on mobile games, SIP,
and Citrix ICA Browser. Despite the fact that mobile games are not
implemented on enough number to become a threat, SIP and ICA seems to be a
real risk, specially ICA, who can have an amplification from 25 to 40+ per
every dispatched byte.
As a proof of concept, we’ve developed also an application, called r2dr2 .
This application receives the configuration from JSON files, and it has
been developed to be highly customizable. Our main aim it was to create a
tool able to exploit vulnerabilities found not only for us but also any
other researcher; and we have found that works very well with many
protocols.
For downloading the r2dr2 tool and more information, please visit the link
below:
http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of-udp-amplification-vulns.html
@daniel0x00 <https://twitter.com/daniel0x00>
@IllegalPointer <https://twitter.com/illegalpointer>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists