While tools like Zoom, WebEx or Microsoft Teams have made business communication much easier during the pandemic, it also opens up a new gateway for cybercriminals for DDoS attacks, as flood attack protocols are used, according to Radware.
Video conferencing systems work with the Real Time Protocol (RTP). RTP is based on the User Datagram Protocol (UDP), a protocol that offers neither guaranteed delivery of packets nor a mechanism for handling packets out of order.
UDP is a connectionless protocol that uses datagrams embedded in IP packets to communicate without establishing a session between two devices. In other words, it doesn't require a handshake procedure. While this allows for traffic with less overhead, it also makes UDP more vulnerable to abuse and a variety of flood attacks, including UDP flood attacks.
Special anti-DDoS UDP tools required
"Simple solutions against DDoS attacks are not enough to combat these attacks," warns Michael Gießelbach, Regional Director DACH at Radware. "To combat these attacks, special tools for detecting and defusing UDP floods must be implemented in the DDoS engine. This is the only way to ensure that a UDP flood attack does not affect the video conferencing service."
A UDP flood attack does not exploit a specific vulnerability. Instead, the normal behavior is simply abused, to the extent that the target network is overloaded. It involves sending a large number of UDP datagrams from mostly fake IP addresses to random ports on a target server.
The server receiving this traffic is unable to handle every request. The traffic consumes all of the server's bandwidth as it attempts to send ICMP responses to "destination unreachable" packets to confirm that no application is listening on the destination ports. This protocol is vulnerable to Layer 4 attacks such as UDP floods, UDP garbage floods, RTP floods, and others.
More at Radware.com
About Radware Radware (NASDAQ: RDWR) is a global leader in application delivery and cybersecurity solutions for virtual, cloud and software-defined data centers. The company's award-winning portfolio secures the company-wide IT infrastructure and critical applications and ensures their availability. More than 12.500 enterprise and carrier customers worldwide benefit from Radware solutions to quickly adapt to market developments, maintain business continuity and maximize productivity at low cost.