The most recent major distributed denial-of-service attacks have stemmed from hackers hijacking countless Internet of Things devices and using them to create massive botnets to knock down servers; however, other devices like routers are still major contributors. Routers have the unfortunate distinction of often being targeted during a DDoS attack and as a device capable of being hijacked to commit the attack. Routers are important to look at when understanding how a DDoS attack is created because hackers take advantage of the same poor security practices implemented on IoT devices to seize routers.
Using a Router for DDoS
Being aware of potential issues highlights the importance of using monitoring and load testing tools for detecting and mitigating DDoS attacks on your company’s various web platforms. Unfortunately, routers as a device class are notorious for having a large number of security holes. Hackers aren’t limited to a single mode of entry to compromise a router, but instead, they can use:
- Malware Infection: Similarly to breaking into a computer, a hacker can upload and install malware onto a router to take control of the device. However, because of major variations between router manufacturers, the malware needs to be designed brand-specific which makes this scenario possible, but unlikely.
- Poor Configuration: The case of the SSHowDowN exploit demonstrates how hackers can use traffic coming from a router without actually needing to infect or log in to the device. Hackers can send traffic from infected devices and networks and bounce it through poorly configured routers to obscure where the traffic is coming from. This technique makes it harder for CDNs to identify the source of the attack and block it.
- Hacking Tools: A recent WikiLeaks release about CIA-developed hacking tools highlights how specifically designed software can be used to infiltrate and compromise a router. The CIA tools are focused on intercepting traffic, but the same principle can be applied to taking full control of a router for any use.
Building A Network to Avoid DDoS Attacks
A DDoS botnet is more about quantity than quality: the more devices that can produce more traffic the better. It’s often much easier to infiltrate countless small targets and use the combined power to overwhelm a larger target than it is to break into a secure, larger target. Therefore, hackers will look at any device that’s capable of producing Internet traffic as a potential candidate for a DDoS bot. While there are thousands of router models in use, shared security vulnerabilities still make them viable targets.