In early March, Akamai Security researchers detected a new DDoS amplification attack in the wild, peaking at 11 Gbps and 1.5 Mpps.
The attack was amplified with a new technique called TCP Middlebox Reflection, first discovered by researchers at the University of Maryland and the University of Colorado Boulder last year. It abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack. You can read more about the attack in Akamai's post (https://www.akamai.com/blog/security/tcp-middlebox-reflection) and in a post by our session's presenter and team (https://geneva.cs.umd.edu/weaponizing/).
M3AAWG has been monitoring the potential for middlebox attacks and is hosting an Engagement Series session on the topic on March 22 at 11 a.m. Eastern. Please join presenter Kevin Bock from the University of Maryland as he explains how non-trivial TCP-based amplification attacks work and how they can be orders of magnitude more effective than well-known UDP-based amplification. Come learn how middleboxes (even defensive ones, such as firewalls and intrusion detection systems) are being leveraged to execute these attacks and how you can defend your customers and infrastructure against this new type of attack.
Presented by: Kevin Bock, University of Maryland
