| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jun 2014 11:31:27 +0200 From: "Pablo A." <pablo.alobera@...il.com> To: fulldisclosure@...lists.org Subject: [FD] R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES *R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES* As part of our project Master Thesis, we have discovered several UDP amplifications which can be used on distributed reflection denial of service attacks (DRDoS). We found vulnerabilities on mobile games, SIP, and Citrix ICA Browser. Despite the fact that mobile games are not implemented on enough number to become a threat, SIP and ICA seems to be a real risk, specially ICA, who can have an amplification from 25 to 40+ per every dispatched byte. As a proof of concept, we’ve developed also an application, called r2dr2 . This application receives the configuration from JSON files, and it has been developed to be highly customizable. Our main aim it was to create a tool able to exploit vulnerabilities found not only for us but also any other researcher; and we have found that works very well with many protocols. For downloading the r2dr2 tool and more information, please visit the link below: http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of-udp-amplification-vulns.html @daniel0x00 <https://twitter.com/daniel0x00> @IllegalPointer <https://twitter.com/illegalpointer> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists