Follow
Hold on to your butts, #cososec. DoS attacks are about to get much worse.
This study found censorship middleboxes which are not standards-compliant may allow theoretically INFINITE packet amplification.
censorship.ai | Weaponizing Middleboxes for TCP Reflected Amplification
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
"We found amplifiers that, once triggered by a single packet sequence from the attacker, will send an endless stream of packets to the victim. In our testing, some of these packet streams lasted for days, often at the full bandwidth the amplifier’s link could supply."
^
"... in this work, we discover a large number of network middleboxes do not conform to the TCP standard, and can be abused to perform attacks. In particular, we find many censorship middleboxes will respond to spoofed censored requests with large block pages, even if there is no valid TCP connection or handshake. These middleboxes can be weaponized to conduct DoS amplification attacks."