Tuesday, February 23, 11:44

Powerhouse VPN products are used in DDoS attacks

Some botnet operators are abusing VPN servers run by the VPN provider Powerhouse Management to bounce and amplify junk traffic as part of DDoS attacks.

This new DDoS vector was discovered and documented by a security researcher who goes online by the name Phenomite, and who shared his findings with ZDNet last week.

The researcher said that the root cause of this new DDoS vector is a not-yet-identified service running on UDP port 20811 on Powerhouse VPN servers.


Phenomite says attackers can "ping" this port with a one-byte request, and the service will often respond with packets up to 40 times the size of the original packet.

Since these packets are UDP-based, they can also be modified to carry a spoofed return IP address. This means that an attacker can send a one-byte UDP packet to a Powerhouse VPN server, which then amplifies it and sends the response to the IP address of the victim of a DDoS attack, in what security researchers call a reflected/amplified DDoS attack.

Both Phenomite and ZDNet have contacted Powerhouse Management to inform the company about the behavior of its products, seeking to ensure that a patch is deployed on its servers to prevent its VPN infrastructure from being misused in future DDoS attacks.

However, the company has not responded to these requests.

In addition, we learned today that threat actors have also discovered this DDoS attack vector and have already used it in real attacks.

According to a scan by Phenomite last week, there are currently about 1,520 Powerhouse servers exposing UDP port 20811, which means they can be abused by DDoS threat groups.

While the servers are located all over the world, most vulnerable systems seem to be "in the United Kingdom, Vienna and Hong Kong", the researcher told ZDNet.

Until Powerhouse fixes this leak, the researcher has advised companies to block any traffic coming from the VPN provider's networks (AS21926 and AS22363) or to block any traffic where "srcport" is 20811.

The second solution is recommended, as it does not block legitimate VPN traffic from all Powerhouse VPN users, but only the "reflected" packets that are most likely part of a DDoS attack.
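The trade-off between the two filters can be checked against flow data before either is deployed. The following is an added example, not code from ZDNet or the researcher: it applies both rules to a handful of constructed flow records and counts how much non-attack traffic each one drops. The record format, IP addresses, other ASNs and labels are assumptions made for illustration, as is restricting the port rule to UDP.

```python
import csv
import io

POWERHOUSE_ASNS = {21926, 22363}   # ASNs named in the article
REFLECTOR_SPORT = 20811            # UDP source port named in the article

# Constructed flow records (documentation IP ranges, private-use ASNs); not real traffic.
# "label" is ground truth used only to score the two filters.
SAMPLE_FLOWS = """\
src_ip,src_asn,proto,src_port,dst_ip,dst_port,bytes,label
198.51.100.10,21926,udp,20811,203.0.113.5,53124,40,reflected
198.51.100.11,22363,udp,20811,203.0.113.5,41877,38,reflected
198.51.100.12,21926,udp,1194,203.0.113.9,50000,1200,legit_vpn
198.51.100.13,22363,tcp,443,203.0.113.9,50122,900,legit_vpn
192.0.2.77,64500,udp,53,203.0.113.5,33000,120,other
192.0.2.78,64501,tcp,20811,203.0.113.7,44000,60,other
"""

def load_flows(text=SAMPLE_FLOWS):
    """Parse the CSV flow export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def block_by_asn(flow):
    """Option 1: drop everything sourced from the provider's ASNs."""
    return int(flow["src_asn"]) in POWERHOUSE_ASNS

def block_by_srcport(flow):
    """Option 2: drop only UDP packets whose source port is 20811.
    Limiting the match to UDP is an assumption based on the service being UDP."""
    return flow["proto"] == "udp" and int(flow["src_port"]) == REFLECTOR_SPORT

def evaluate(rule, flows):
    """Return (reflected flows dropped, non-attack flows dropped) for a rule."""
    dropped = [f for f in flows if rule(f)]
    hits = sum(f["label"] == "reflected" for f in dropped)
    collateral = sum(f["label"] != "reflected" for f in dropped)
    return hits, collateral

if __name__ == "__main__":
    flows = load_flows()
    for name, rule in (("ASN block", block_by_asn),
                       ("srcport 20811", block_by_srcport)):
        hits, collateral = evaluate(rule, flows)
        print(f"{name}: reflected dropped={hits}, collateral dropped={collateral}")
```

On the sample data both rules stop the reflected packets, but only the ASN block also drops the two legitimate VPN flows.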

Phenomite's discovery adds to a long list of new DDoS amplification vectors that have been disclosed in the last three months.

Source of information: zdnet.com

Teo Ehc