Independent researcher Phenomite has discovered a new attack vector that takes advantage of a flaw in Powerhouse Management VPN servers. The vector would allow traffic to be amplified during DDoS attacks. The unidentified service runs on UDP port 20811, and a one-byte request draws a response up to 40 times its size. The packets can also reflect a return IP address. Attacks that take advantage of the Powerhouse VPNs have already been seen in the wild. ZDNet and Phenomite have both reached out to the company but have yet to receive a response. Analysis from Phenomite revealed more than 1,500 servers that could potentially be at risk, with a majority of them hosted outside the United States.
Researcher Reveals DDoS Amplification Attack Vector in Powerhouse Management VPN
February 23, 2021
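On the receiving side, reflected traffic of the kind described above appears as UDP replies from source port 20811 that the destination host never asked for. The following sketch is an added example, not code from Phenomite or ZDNet. It assumes flow records collected at the receiving network's edge; the record layout, the thresholds and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

VPN_PORT = 20811      # UDP port named in the report
MIN_REFLECTORS = 3    # assumed alert threshold: distinct reply sources
MIN_BYTES = 100       # assumed alert threshold: unsolicited reply bytes

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port, bytes).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    # Unsolicited 40-byte replies converging on one host from four servers.
    ("udp", "198.51.100.10", 20811, "203.0.113.5", 40001, 40),
    ("udp", "198.51.100.11", 20811, "203.0.113.5", 40001, 40),
    ("udp", "198.51.100.12", 20811, "203.0.113.5", 40001, 40),
    ("udp", "198.51.100.13", 20811, "203.0.113.5", 40001, 40),
    # A client that really sent a one-byte request and got its reply.
    ("udp", "203.0.113.9", 51000, "198.51.100.10", 20811, 1),
    ("udp", "198.51.100.10", 20811, "203.0.113.9", 51000, 40),
    # A single stray reply: below the reflector threshold.
    ("udp", "198.51.100.11", 20811, "203.0.113.7", 40002, 40),
    # Unrelated TCP traffic is ignored.
    ("tcp", "198.51.100.10", 443, "203.0.113.5", 52000, 1500),
]

def find_reflection_targets(flows, port=VPN_PORT,
                            min_reflectors=MIN_REFLECTORS,
                            min_bytes=MIN_BYTES):
    """Return {host: (reflector_count, reply_bytes)} for hosts receiving
    UDP replies from `port` that they never requested."""
    # Pass 1: remember every (client, server) pair with a real request.
    requested = set()
    for proto, src, _sport, dst, dport, _nbytes in flows:
        if proto == "udp" and dport == port:
            requested.add((src, dst))
    # Pass 2: accumulate replies that have no matching request.
    unsolicited = defaultdict(lambda: [set(), 0])
    for proto, src, sport, dst, _dport, nbytes in flows:
        if proto == "udp" and sport == port and (dst, src) not in requested:
            unsolicited[dst][0].add(src)
            unsolicited[dst][1] += nbytes
    return {
        host: (len(srcs), total)
        for host, (srcs, total) in unsolicited.items()
        if len(srcs) >= min_reflectors and total >= min_bytes
    }

if __name__ == "__main__":
    for host, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{host}: {total} unsolicited bytes from {count} sources on UDP/{VPN_PORT}")
```
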