A team of researchers from the University of Colorado and the University of Maryland has released a new paper and proof-of-concept (PoC) code demonstrating that censorship systems and other so-called middleboxes can be used to create potentially unlimited amplification for Distributed Denial of Service (DDoS) attacks. The term middlebox here refers to censorship systems that block blacklisted traffic, widely used by nation-states with closed Internet infrastructures, but it can also refer to firewalls and intrusion detection systems in institutional networks; even these sorts of benign middleboxes can be weaponized by the PoC. Amplification refers to the common strategy used in DDoS attacks: for example, packets carrying the spoofed IP address of the target are sent to open servers or DNS resolvers, which respond with longer messages or a stream of multiple packets directed at the target, letting attackers generate massive amounts of Internet traffic that overwhelm the target's infrastructure. Notably, the PoC generates TCP packets rather than UDP packets, because many middleboxes do not comply with the TCP three-way handshake standard: they answer spoofed TCP segments without first requiring a completed handshake.
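The traffic pattern this produces at the target is reply segments (data-carrying PSH/ACKs, RSTs) from many hosts to which the target never sent a SYN. The following is an added defender-side example, not code from the paper or its PoC: it scans constructed flow records taken at the target's own network edge (so the spoofed SYNs never appear in them) and flags hosts receiving unsolicited TCP replies from several peers. The record format, thresholds and addresses are assumptions.

```python
from collections import defaultdict

# Constructed flow records (src, dst, tcp_flags, bytes); not real traffic.
# 10.0.0.9 is the monitored host; the 203.0.113.x hosts stand in for
# middleboxes answering spoofed requests; 198.51.100.7 is a normal client.
FLOWS = [
    ("203.0.113.1", "10.0.0.9", "PA", 12000),   # block page sent to a spoofed source
    ("203.0.113.2", "10.0.0.9", "PA", 15000),
    ("203.0.113.3", "10.0.0.9", "RA", 600),     # RST-based reflection also counts
    ("10.0.0.9", "198.51.100.7", "S", 60),      # a connection 10.0.0.9 opened itself
    ("198.51.100.7", "10.0.0.9", "SA", 60),
    ("198.51.100.7", "10.0.0.9", "PA", 1400),
    ("10.0.0.9", "198.51.100.7", "A", 52),
]

def handshake_started(flows):
    """Return the set of (initiator, responder) pairs where a plain SYN was seen."""
    return {(s, d) for s, d, f, _ in flows if "S" in f and "A" not in f}

def unsolicited_tcp_senders(flows):
    """Map each destination to {peer: bytes} for TCP segments arriving on a
    pair where neither side was observed opening a connection. A host whose
    address is being spoofed sees exactly this: replies to requests it never sent."""
    started = handshake_started(flows)
    per_dst = defaultdict(lambda: defaultdict(int))
    for src, dst, flags, nbytes in flows:
        if "S" in flags and "A" not in flags:
            continue  # a plain SYN is a request, not a reflected reply
        if (dst, src) in started or (src, dst) in started:
            continue  # one side of this pair legitimately opened the connection
        per_dst[dst][src] += nbytes
    return per_dst

def reflection_suspects(flows, min_peers=2, min_bytes=1000):
    """Hosts receiving unsolicited TCP replies from at least min_peers distinct
    peers, totalling at least min_bytes; thresholds are assumed values."""
    out = {}
    for dst, peers in unsolicited_tcp_senders(flows).items():
        total = sum(peers.values())
        if len(peers) >= min_peers and total >= min_bytes:
            out[dst] = {"peers": len(peers), "bytes": total}
    return out

if __name__ == "__main__":
    for host, info in reflection_suspects(FLOWS).items():
        print(f"{host}: {info['bytes']} unsolicited bytes from {info['peers']} peers")
```

Against the constructed records, only 10.0.0.9 is reported; the ordinary connection to 198.51.100.7 is excluded because the SYN that opened it is in the records.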
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in