*R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES*
As part of our project Master Thesis, we have discovered several UDP amplifications which can be used on distributed reflection denial of service attacks (DRDoS). We found vulnerabilities on mobile games, SIP, and Citrix ICA Browser. Despite the fact that mobile games are not implemented on enough number to become a threat, SIP and ICA seems to be a real risk, specially ICA, who can have an amplification from 25 to 40+ per every dispatched byte. As a proof of concept, we’ve developed also an application, called r2dr2 . This application receives the configuration from JSON files, and it has been developed to be highly customizable. Our main aim it was to create a tool able to exploit vulnerabilities found not only for us but also any other researcher; and we have found that works very well with many protocols. For downloading the r2dr2 tool and more information, please visit the link below: http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of-udp-amplification-vulns.html @daniel0x00 <https://twitter.com/daniel0x00> @IllegalPointer <https://twitter.com/illegalpointer> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
