Home > Cyber News > WS-Discovery Protocol Exposes 630,000 Devices to DDoS Attacks
CYBER NEWS

WS-Discovery Protocol Exposes 630,000 Devices to DDoS Attacks

by   |  Last Update:  |  0 Comments  

The Web Services Dynamic Discovery (WS-Discovery) protocol could be exploited to launch large-scale DDoS attacks, security researchers are reporting.



What is the WS-Discovery protocol?

The WS-Discovery protocol is described as a technical specification that defines a multicast discovery protocol to locate services on a local network. It operates over TCP and UDP port 3702 and uses IP multicast address 239.255.255.250. The communication between nodes is done using web services standards, such as SOAP-over-UDP.

Even though the protocol is neither that common nor that popular, it has been adopted by ONVIF, an “open industry forum that provides and promotes standardized interfaces for effective interoperability of IP-based physical security products”. Among ONVIF members are large companies such as Sony, Bosch, and Axis, who utilize ONVIF standards in their products.

630,000 ONVIF-based devices running the WS-Discovery protocol at risk

Furthermore, ONVIF has recommended the WS-Discovery protocol for device discovery. Long story short, the protocol has been used in a series of products, including IP cameras, printers, and various home appliances. To be more precise, a Binary Edge search reveals that there are approximately 630,000 ONVIF-based devices running the WS-Discovery protocol.

Related: [wplinkpreview url=”https://sensorstechforum.com/largest-ddos-for-hire-service-taken-down/”] Largest DDoS-for-Hire Service Taken Down, Attack Price Was $14.99

There is evidence that the protocol is now being exploited by threat actors for DDoS attacks, ZDNet reported. It is not the first wave of such attacks as researchers detected malicious activities back in May. The current attacks are not that large as well, with a maximum of 40 Gbps and amplification factors of up to 10, but the potential attack surface is alarming.

The large number of devices currently exposing the WS-Discovery port 3702 on the internet will definitely trigger a new wave of mass-scale attacks, researchers warned.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. New ‘Pulse Wave’ DDoS Attack Scheme Discovered Previous servers thought to be secure have been discovered to...
  2. Frequent DDoS Attacks Against Gaming Sites A worrisome trend has been spotted recently of continuous DDoS...
  3. Shellshock Vulnerable Devices Still Targeted. 630 000 Attacks in Only Two Weeks Nearly two months after its announcement, the Shellshock flaw in...
  4. .DDOS Files Virus (Dharma Ransomware) – Remove What is .DDOS files virus? What is Dharma ransomware? Can...
  5. DDoS Attacks Cost Organizations $250,000 per Hour A new report by Neustar shows that DDoS attacks are...
  6. Largest DDoS-for-Hire Service Taken Down, Attack Price Was $14.99 The world’s biggest DDoS-for-hire service, Webstresser.org, is now down thanks...
  7. Mitigation against Memcached-Based DDoS Attacks Discovered DDoS attacks based on Memcached servers can now be mitigated,...
  8. Adult Websites Suffered the Most DDoS Attacks in 2019 A new Imperva report presents a detailed analysis of the...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree