Malicious actors are using old routers in homes and small-scale networks to launch distributed denial of service, or DDoS, attacks, exploiting an extremely outdated routing protocol.
Content delivery network company Akamai issued a warning Wednesday that it had been monitoring an attack on one of its customers on May 16. Hackers used Routing Information Protocol version one, known as RIPv1, to launch a DDoS reflection attack. RIPv1, published in 1988, offers a way of transferring data inside small networks based on how servers talk to one another.
In an email to FedScoop, Jose Arteaga, senior security researcher for Akamai’s Prolexic Security Engineering and Research team, explained how this attack works:
‘It would be like sending a letter to someone that they must respond to, but instead of using your own address as the return, you put someone else’s,’ he wrote. ‘So imagine the letter is sent to thousands of different people, but the return address is always the same person. The thousands of people receiving the letter are like the RIPv1 reflector being abused, the person in the return address would be the target of the attack.’
Internet service providers are still deploying outdated equipment that use the old protocol, exposing vulnerabilities that malicious actors can exploit.
According to Akamai, the attack peaked at 12.8 gigabits per second at 3.2 million packets per second, which is a lower-sized attack. However, Arteaga said any organization or residence can be targeted by this attack as long as the protocol vulnerability remains open.
Akamai suggests switching to RIPv2 or using an access control list to restrict source port 520 from connecting to the Internet to avoid being used in further attacks.
Read Akamai’s full threat advisory, which provides the technical details, below.