CYBER NEWS

WS-Discovery Protocol Exposes 630,000 Devices to DDoS Attacks

The Web Services Dynamic Discovery (WS-Discovery) protocol could be exploited to launch large-scale DDoS attacks, security researchers are reporting.



What is the WS-Discovery protocol?

The WS-Discovery protocol is described as a technical specification that defines a multicast discovery protocol to locate services on a local network. It operates over TCP and UDP port 3702 and uses IP multicast address 239.255.255.250. The communication between nodes is done using web services standards, such as SOAP-over-UDP.

Even though the protocol is neither that common nor that popular, it has been adopted by ONVIF, an “open industry forum that provides and promotes standardized interfaces for effective interoperability of IP-based physical security products”. Among ONVIF members are large companies such as Sony, Bosch, and Axis, who utilize ONVIF standards in their products.

630,000 ONVIF-based devices running the WS-Discovery protocol at risk

Furthermore, ONVIF has recommended the WS-Discovery protocol for device discovery. Long story short, the protocol has been used in a series of products, including IP cameras, printers, and various home appliances. To be more precise, a Binary Edge search reveals that there are approximately 630,000 ONVIF-based devices running the WS-Discovery protocol.

Related:
The world?s biggest DDoS-for-hire service, Webstresser.org, is now down thanks to a coordinated international operation. Its servers were seized.
Largest DDoS-for-Hire Service Taken Down, Attack Price Was $14.99

There is evidence that the protocol is now being exploited by threat actors for DDoS attacks, ZDNet reported. It is not the first wave of such attacks as researchers detected malicious activities back in May. The current attacks are not that large as well, with a maximum of 40 Gbps and amplification factors of up to 10, but the potential attack surface is alarming.

The large number of devices currently exposing the WS-Discovery port 3702 on the internet will definitely trigger a new wave of mass-scale attacks, researchers warned.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...