“Implementations of UDP application protocol are vulnerable to network loops,” according to the vulnerability’s NVD entry. “An unauthenticated attacker can use maliciously crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.”
CISPA researchers explained that the attack loop can be initiated by sending one single IP-spoofed error message to either of a pair of faulty servers. “The vulnerable servers would then continue to send each other error messages, putting stress on both servers and on any network link between them,” the researchers said in the blog.
Once a trigger is injected and the loop set in motion, even the attackers are unable to stop the attack, according to the blog.
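The following in-memory simulation is an added illustration of the mechanism described above; it is not code from the article or from the CISPA researchers. Two simulated servers, A and B, exchange datagrams through a queue. The toy protocol (a `HELLO` request, a `HELLO-ACK` reply and an `ERR:` prefix marking error messages) and the handler names are constructed for this example. The vulnerable handler answers anything it does not understand, including an error message, with another error, so one spoofed error injected into the pair never stops bouncing; the hardened handler never replies to a message that is itself an error, which is the property that breaks the loop.

```python
"""Simulation of a UDP application-layer error loop (added example, not from the page).

Server A and server B are modelled as pure functions on a payload. A single
datagram is injected so that A believes it came from B; every reply is queued
back to the (spoofed) source. The exchange count shows whether the pair goes
quiet or loops until the step cap is hit.
"""
from collections import deque
from typing import Callable, Optional

# Constructed marker: a datagram starting with this is an error message.
ERROR_PREFIX = b"ERR:"

Handler = Callable[[bytes], Optional[bytes]]


def vulnerable_handler(payload: bytes) -> Optional[bytes]:
    """Replies to every unrecognised datagram with an error message.

    An incoming error is itself 'unrecognised', so errors beget errors: this is
    the behaviour that makes a pair of such servers loop indefinitely.
    """
    if payload == b"HELLO":
        return b"HELLO-ACK"
    return ERROR_PREFIX + b"unexpected " + payload[:16]


def hardened_handler(payload: bytes) -> Optional[bytes]:
    """Same protocol, but an incoming error message is dropped, never answered.

    Dropping (or merely logging/rate-limiting) error-for-error replies is enough
    to bound the exchange: the loop needs both sides to keep answering.
    """
    if payload.startswith(ERROR_PREFIX):
        return None
    if payload == b"HELLO":
        return b"HELLO-ACK"
    return ERROR_PREFIX + b"unexpected " + payload[:16]


def simulate_loop(handler: Handler, injected: bytes, max_steps: int = 1000) -> int:
    """Inject one spoofed datagram into server A (claiming to be from B).

    Both servers run the same handler. Returns the number of datagrams the pair
    sent to each other before going quiet; hitting max_steps means the exchange
    never terminated on its own.
    """
    # Queue entries are (destination, source, payload).
    queue = deque([("A", "B", injected)])
    sent = 0
    while queue and sent < max_steps:
        dst, src, payload = queue.popleft()
        reply = handler(payload)
        if reply is not None:
            sent += 1
            # The reply goes back to whoever the datagram claimed to be from.
            queue.append((src, dst, reply))
    return sent


if __name__ == "__main__":
    spoofed_error = ERROR_PREFIX + b"bogus"  # constructed trigger datagram
    print("vulnerable pair:", simulate_loop(vulnerable_handler, spoofed_error))
    print("hardened pair:  ", simulate_loop(hardened_handler, spoofed_error))
```

With the vulnerable handler the count reaches the step cap (the loop would run forever on a real network); with the hardened handler the injected error is dropped on arrival and nothing is sent. The hardened variant still answers genuinely malformed input with one error, as a real protocol typically must, but that error is the last datagram because the peer does not answer it.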
The vulnerability affects application-layer protocols, including legacy ones such as Daytime, Time, Active Users, Echo, Chargen, and QOTD, as well as contemporary ones like TFTP, DNS, and NTP.
Switching to TCP can help
Although no known exploits of this vulnerability have been reported to date, CISPA warns that the vulnerability has the potential to affect close to 300,000 internet hosts, along with the networks they expose.
“As far as we know, this kind of attack has not yet been carried out in the field. It would, however, be easy for attackers to exploit this vulnerability if no action were taken to mitigate the risk,” said Christian Rossow, one of the CISPA researchers who made the discovery, in the blog.