Tag Archives: DDOS attack

CyberSecurity: How can a wireless phone/printer be used for a DDoS attack?

Imagine this: you have purchased new wireless headphones. You can't wait until you get home to try them out, so you unbox them in the car and grab your smartphone. Almost immediately, your phone picks up the wireless headphones, recognizes them and pairs them to your device.

So, how does a wireless headphone or printer work?

Your wireless phone, printer and other home devices generally use the SSDP protocol. In a way, it exists to avoid a lengthy setup process: devices are able to communicate with each other as soon as they are plugged in. Here is some brief information about SSDP.

Simple Service Discovery Protocol is a network protocol and the basis for the Universal Plug and Play architecture. Quite simply, it means that devices can find and communicate with each other simply by being plugged in or turned on, enabling them to "play" with minimal configuration on the part of the owner. In this regard, it is very much an invisible networking experience that allows devices to connect automatically.

How do hackers use these wireless smart devices?

Under normal circumstances, the SSDP protocol is used to allow UPnP (Universal Plug and Play) devices to broadcast their existence to other devices on the network. For example, when a UPnP printer is connected to a typical network, after it receives an IP address, the printer is able to advertise its services to computers on the network by sending a message to a special IP address called a multicast address.

The multicast address then tells all the computers on the network about the new printer. Once a computer hears the discovery message about the printer, it makes a request to the printer for a complete description of its services. The printer then responds directly to that computer with a complete list of everything it has to offer. An SSDP attack exploits that final request for services by asking the device to respond to the targeted victim.

Follow these steps to see how the DDoS attack is performed:

  • First, the attacker conducts a scan looking for plug-and-play devices, such as home cameras and printers, that can be utilized as amplification factors.
  • As the attacker discovers networked devices, they create a list of all the devices that respond.
  • The attacker creates a UDP packet with the spoofed IP address of the targeted victim.
  • The attacker then uses a botnet to send a spoofed discovery packet to each plug-and-play device with a request for as much data as possible by setting certain flags, specifically ssdp:rootdevice or ssdp:all.
  • As a result, each device will send a reply to the targeted victim with an amount of data up to about 30 times larger than the attacker's request.
  • The target then receives a large volume of traffic from all the devices and becomes overwhelmed, potentially resulting in denial of service to legitimate traffic.

How to mitigate SSDP DDoS attacks?

For network administrators, a key mitigation is to block incoming UDP traffic on port 1900 at the firewall. Provided the volume of traffic isn't enough to overwhelm the network infrastructure itself, filtering traffic from this port will likely be able to mitigate such an attack.
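The attack steps and the port-1900 mitigation above can both be checked from the network's own flow records. The script below is an added example, not code from the original post: it flags a destination that receives replies from many distinct UDP/1900 sources at roughly the 30x amplification the post describes, and lists the local devices answering SSDP to outside addresses, which are the hosts the perimeter filter should cover. The flow records and reply sizes are constructed for illustration; the record layout (src, sport, dst, dport, bytes) is an assumption, not any particular NetFlow export format.

```python
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900

# A minimal ssdp:all M-SEARCH of the kind described in the steps above (94 bytes).
# Reply sizes in FLOWS are constructed for illustration, not measured from devices.
MSEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b'MAN: "ssdp:discover"\r\nMX: 1\r\nST: ssdp:all\r\n\r\n')

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
FLOWS = [
    # Legitimate LAN discovery: request to the multicast group, one reply back.
    ("192.0.2.10", 50000, "239.255.255.250", SSDP_PORT, len(MSEARCH)),
    ("192.0.2.20", SSDP_PORT, "192.0.2.10", 50000, 310),
    # Reflected replies: many UDP/1900 sources, one external victim.
    ("192.0.2.20", SSDP_PORT, "203.0.113.5", 80, 2800),
    ("198.51.100.7", SSDP_PORT, "203.0.113.5", 80, 2750),
    ("198.51.100.8", SSDP_PORT, "203.0.113.5", 80, 2900),
    ("198.51.100.9", SSDP_PORT, "203.0.113.5", 80, 2600),
]


def find_reflection_victims(flows, min_reflectors=3, min_ratio=10.0):
    """Return {victim_ip: (distinct_reflectors, amplification)} for every
    destination that receives UDP replies from many distinct port-1900 sources,
    each far larger than the M-SEARCH that would have triggered it."""
    replies = defaultdict(list)
    for src, sport, dst, _dport, nbytes in flows:
        if sport == SSDP_PORT:
            replies[dst].append((src, nbytes))
    victims = {}
    for dst, items in replies.items():
        reflectors = {src for src, _ in items}
        ratio = sum(n for _, n in items) / (len(items) * len(MSEARCH))
        if len(reflectors) >= min_reflectors and ratio >= min_ratio:
            victims[dst] = (len(reflectors), round(ratio, 1))
    return victims


def find_exposed_reflectors(flows, local_net):
    """Return local devices answering SSDP to addresses outside local_net;
    these are the hosts whose UDP/1900 traffic the perimeter filter must drop."""
    net = ipaddress.ip_network(local_net)
    return sorted({src for src, sport, dst, _dport, _n in flows
                   if sport == SSDP_PORT
                   and ipaddress.ip_address(src) in net
                   and ipaddress.ip_address(dst) not in net})


if __name__ == "__main__":
    print(find_reflection_victims(FLOWS))
    print(find_exposed_reflectors(FLOWS, "192.0.2.0/24"))
```

The single 310-byte reply to the LAN host is ordinary discovery and is not flagged; the four replies to 203.0.113.5 are, at about 29x the request size.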

How to check whether your IP is being used for an attack?

Here is an open source tool to check whether your device's IP is being used for an attack: https://badupnp.benjojo.co.uk/

CyberSecurity: Someone is trying to take the internet down

I have been reading a lot about DDoS attacks and recently found that a DDoS attack can be so powerful that it could take the whole internet down. According to many references and stories, it is already happening. Let me share some of the interesting stories. Things are scary, but we should all be aware of the danger. It is not fictional Hollywood movies anymore. It is real now.

Story-1: The internet’s worst-case scenario finally happened in real life: An entire country was taken offline, and no one knows why

Abstract

For years, countries have worried that a hostile foreign power might cut the undersea cables that supply the world with internet service. Late last month, we got a taste of what that might be like. An entire country, Mauritania, was taken offline for two days because an undersea cable was cut.

The 17,000-kilometer African Coast to Europe submarine cable, which connects 22 countries from France to South Africa, was severed on March 30, cutting off web access partially or totally to the residents of Sierra Leone and Mauritania.

Story-2: 3 US hackers took out key parts of the internet in 2016 because they wanted to make money on Minecraft

Abstract

Three US hackers have pleaded guilty to creating the Mirai botnet, which took out some of the internet’s biggest sites last year including Reddit, Spotify, and Twitter through distributed denial of service (DDoS) attacks.

The goal of DDoS in Minecraft is to try and frustrate users on a rival server with slow service — so that they end up switching to yours.

Story-3: Inside the cunning, unprecedented hack of Ukraine's power grid

Abstract

As one worker was organizing papers at his desk inside the Prykarpattyaoblenergo power grid control center, the cursor on his computer suddenly skittered across the screen of its own accord.

He watched as it navigated purposefully toward buttons controlling the circuit breakers at a substation in the region and then clicked on a box to open the breakers and take the substation offline. A dialogue window popped up on the screen asking to confirm the action, and the operator stared dumbfounded as the cursor glided to the box and clicked to affirm. Somewhere in a region outside the city, he knew, thousands of residents had just lost their lights and heaters.

The operator grabbed his mouse and tried desperately to seize control of the cursor, but it was unresponsive. Then, as the cursor moved in the direction of another breaker, the machine suddenly logged him out of the control panel. Although he tried frantically to log back in, the attackers had changed his password, preventing him from gaining re-entry. All he could do was stare helplessly at his screen while the ghosts in the machine clicked open one breaker after another, eventually taking about 30 substations offline.