• Wed. Oct 11th, 2023

The SLP Protocol Has a Weakness That Can Boost the Power of DoS Threats by 2200 Times

Avatar photo

ByEsme Greene

Jun 5, 2023
The SLP Protocol Has a Weakness That Can Boost the Power of DoS Threats by 2200 Times
Esme Greene
Latest posts by Esme Greene (see all)

Over 2,000 international organizations and 54,000 servers were impacted by the bug globally.

Service Location Protocol, or SLP, has a fresh flaw that security experts BitSight and Curesec have identified. This flaw enables users to launch numerous attacks against devices being targeted.

Criminals can launch devastating DoS attacks with an amplification factor of up to 2200 times using weak instances, the researchers added, which could render this attack one of the biggest multiplication strikes ever observed.

The Issue Found

The weakness called CVE-2023-29552 (CVSS: 8.6) impacts over 2,000 worldwide entities and over 54,000 freely accessible SLPs. VMWare ESXi hypervisors, Konica Minolta printers, Planex routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 additional product types are among them.

The ten nations with the most exposed SLP occurrences are the US, UK, Germany, Japan, Canada, Italy, Europe, and Brazil.

SLP is an internet service identification protocol which enables PCs as well as additional machines to discover facilities such as printers, file servers, and other network resources on a local network.

If CVE-2023-29552 is successfully exploited, a hacker can take advantage of weak SLP instances to perform a reflection amplification operation and flood the victim’s server with fraudulent traffic.

A hacker only has to find an SLP server on UDP port 427, boost the length of the UDP server’s reply by entering new services till the outcome buffer is full, and afterwards repeatedly forge an appeal to this service with the knowledge of the target’s IP address as the address of the source.

An attacker might achieve an approximate gain of 2,200 times by changing a tiny 29-byte request into a huge 65,000-byte response targeted on a victim by following these procedures.

Cybersecurity Measures to Prevent the Attacks

Customers are asked to eliminate SLP on devices directly linked to the Internet, or to restrict traffic across UDP and TCP port 427 to reduce the vulnerability. Effective authentication and access control must also be enforced, permitting exclusively verified ones to enter the appropriate network resources, and access must be carefully regulated and validated.

Cloudflare experts predict that the popularity of SLP-based DDoS breaches will rise dramatically in the next few weeks as hackers test a new DDoS replication route.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.