WS-Discovery, or the WSD protocol, used in network devices like cameras, DVRs, and IoT products, is also the target of hackers.
An ArsTechnica article reports that the technique takes advantage of the protocol, which allows devices to send “user datagram protocol packets that describe the device capabilities and requirements over port 3702.”
Receivers of the probes can respond with replies that are much, much larger.
Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.
The WSD specification calls for probes and responses to be restricted to local networks, but over the past few months, researchers and attackers have started to realize that many Internet-of-things devices allow devices to send probes and responses over the Internet at large. The result: these improperly designed devices have become a vehicle capable of converting modest amounts of malicious bandwidth into crippling torrents that take down websites. — ArsTechnica
Content delivery network Akamai was investigating WSD amplification when a customer was hit with one of these denial of service attacks, which peaked at 35Gb per second of junk traffic, ArsTechnica says.
“It’s going to be pretty bad, especially once the bad guys figure it out,” Akamai researcher Chad Seaman told ArsTechnica about the WSD protocol hacking potential.
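The following is an added example, not code from ArsTechnica or Akamai: a defender-side audit of flow records that flags local devices exchanging WSD traffic (UDP port 3702) with non-local peers, which the specification says should not happen, and measures how much larger their replies are than the probes. The record layout, the `LOCAL_NETS` ranges, the capture point (LAN side of the gateway) and all sample addresses and byte counts are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WSD_PORT = 3702  # UDP port named in the article
# Assumption: the ranges this site treats as "local"; adjust to your own network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4")]

# Constructed flow records: (src, sport, dst, dport, proto, bytes)
SAMPLE_FLOWS = [
    ("192.168.1.20", 51000, "239.255.255.250", 3702, "udp", 650),  # local multicast probe
    ("192.168.1.50", 3702, "192.168.1.20", 51000, "udp", 1400),    # local reply
    ("203.0.113.7", 40000, "192.168.1.50", 3702, "udp", 30),       # probe from outside
    ("192.168.1.50", 3702, "203.0.113.7", 40000, "udp", 3000),     # reply leaving the LAN
    ("198.51.100.9", 41000, "192.168.1.60", 3702, "udp", 30),      # probe, never answered
    ("192.168.1.50", 443, "203.0.113.7", 40001, "tcp", 5000),      # unrelated traffic
]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def audit_wsd(flows):
    """Report local devices whose WSD traffic crosses the local-network boundary."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "peers": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == WSD_PORT and is_local(dst) and not is_local(src):
            stats[dst]["bytes_in"] += nbytes       # probe arriving from outside
            stats[dst]["peers"].add(src)
        elif sport == WSD_PORT and is_local(src) and not is_local(dst):
            stats[src]["bytes_out"] += nbytes      # response sent outside
            stats[src]["peers"].add(dst)
    report = {}
    for dev, s in stats.items():
        # Ratio of response bytes to probe bytes; None if no probe was recorded.
        amp = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else None
        report[dev] = {"peers": sorted(s["peers"]), "responds": s["bytes_out"] > 0,
                       "amplification": amp}
    return report

if __name__ == "__main__":
    for dev, info in sorted(audit_wsd(SAMPLE_FLOWS).items()):
        print(dev, info)
```

A device reported with `responds` set to true is answering WSD probes from outside the local network and is a candidate for blocking UDP 3702 at the perimeter.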
IoT devices have certainly been found to expose network-discovery protocols in threatening ways.
ArsTechnica reports that 81 million IPv4 addresses responded to a plug-and-play discovery request in 2013, even though the UPnP standard is not supposed to communicate with devices outside a network.