Akamai recently reported that a new method of launching distributed denial of service (DDoS) attacks ranks as one of the most dangerous of all time. The biggest concern with this new attack is its ability to consume immense amounts of bandwidth: the Akamai client that was attacked saw peaks as high as 35 GB/s during the recent attack.
There's a key multicast protocol that makes this new kind of DDoS possible: WS-Discovery (WSD).
WSD isn't a well-known protocol, but it is a widely used one, and it can be found in thousands of internet-connected devices. WSD is a discovery protocol designed to let IoT devices communicate in a standard language, but it has a problem: it can be spoofed.
An attacker can send a UDP packet to a device's WS-Discovery service with a forged return IP address. When the device replies, it sends the reply to the forged address, which lets attackers bounce traffic off WS-Discovery devices and aim it at the intended target of their DDoS attack. WSD attacks haven't been common, because the protocol used to launch them is obscure, but this is changing. There has been an uptick in WSD attacks recently, and with news about the protocol becoming public, the risk is likely to grow.
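As an added example that is not part of the original post, the following Python script shows how a defender can spot both sides of the pattern described above in flow records: devices on their own network that answer WS-Discovery probes arriving from the internet (and so could be used as reflectors), and hosts that are receiving the reflected replies. It assumes WS-Discovery's UDP port 3702 (a known property of the protocol that the post does not mention), a constructed whitespace-separated flow-record format, and hypothetical internal address ranges; the sample records are constructed for the example.

```python
"""
Detect WS-Discovery (WSD) reflection traffic in flow records.

WS-Discovery listens on UDP port 3702 (a known property of the protocol,
not stated in the post). Two defender-side signals are computed over
constructed sample flow records:

  1. "reflector": a host on our own network answering UDP/3702 probes that
     came from outside our address space. That device is exposed and can be
     abused to bounce traffic at a third party.
  2. "victim": one of our hosts receiving UDP traffic *from* source port
     3702 on many distinct external hosts. That is a reflected flood arriving.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WSD_PORT = 3702  # WS-Discovery UDP port

# Hypothetical internal address space used by this example.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample records: src sport dst dport proto bytes
SAMPLE_FLOWS = """
# spoofed probe hits an exposed internal device, which replies to the forged source
203.0.113.10 40000 10.0.0.7 3702 udp 100
10.0.0.7 3702 203.0.113.10 40000 udp 2800
# replies from three external WSD devices land on one internal host that never asked
198.51.100.1 3702 10.0.0.50 51000 udp 3100
198.51.100.2 3702 10.0.0.50 51000 udp 3050
198.51.100.3 3702 10.0.0.50 51000 udp 3000
# ordinary internal TCP traffic, should be ignored
10.0.0.9 44000 10.0.0.12 443 tcp 5000
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)


def parse_flow(line: str) -> Flow:
    """Parse one record in the constructed format (not a real exporter's)."""
    src, sport, dst, dport, proto, nbytes = line.split()
    return Flow(src, int(sport), dst, int(dport), proto.lower(), int(nbytes))


def load_sample():
    """Parse SAMPLE_FLOWS, skipping blank and comment lines."""
    return [parse_flow(ln) for ln in SAMPLE_FLOWS.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def find_exposed_reflectors(flows):
    """Internal hosts that sent UDP replies from port 3702 to external addresses.
    Returns {internal_host: total_bytes_reflected}."""
    out = defaultdict(int)
    for f in flows:
        if (f.proto == "udp" and f.sport == WSD_PORT
                and is_internal(f.src) and not is_internal(f.dst)):
            out[f.src] += f.nbytes
    return dict(out)


def find_reflection_victims(flows, min_sources=3):
    """Internal hosts receiving UDP from source port 3702 on at least
    min_sources distinct external hosts. Returns {victim: (sources, bytes)}."""
    sources = defaultdict(set)
    total = defaultdict(int)
    for f in flows:
        if (f.proto == "udp" and f.sport == WSD_PORT
                and not is_internal(f.src) and is_internal(f.dst)):
            sources[f.dst].add(f.src)
            total[f.dst] += f.nbytes
    return {h: (len(s), total[h]) for h, s in sources.items() if len(s) >= min_sources}


def amplification_ratio(flows, reflector):
    """Bytes the reflector sent from port 3702 divided by bytes it received on
    port 3702; None when no probes were seen (avoids division by zero)."""
    bytes_in = sum(f.nbytes for f in flows
                   if f.proto == "udp" and f.dst == reflector and f.dport == WSD_PORT)
    bytes_out = sum(f.nbytes for f in flows
                    if f.proto == "udp" and f.src == reflector and f.sport == WSD_PORT)
    return bytes_out / bytes_in if bytes_in else None


if __name__ == "__main__":
    flows = load_sample()
    for host, sent in find_exposed_reflectors(flows).items():
        print(f"exposed WSD reflector {host}: {sent} bytes out, "
              f"amplification x{amplification_ratio(flows, host):.1f}")
    for host, (n, total) in find_reflection_victims(flows).items():
        print(f"possible reflection victim {host}: {n} sources, {total} bytes")
```

Any host flagged as an exposed reflector is the one to fix first: the WS-Discovery service should not be reachable from outside the local network, so blocking UDP/3702 at the perimeter removes the device from the pool an attacker can bounce traffic off.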
WSD was meant for use on local area networks, so that devices could discover each other. Instead, manufacturers of internet-connected devices shipped them with the protocol exposed, where it can be misused.
Another day, another new discovery, and we hope to live to fight another day.