Security Affairs
U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

How to exploit TFTP protocol to launch powerful DDoS amplification attacks

A group of security researchers from the Edinburgh Napier University elaborated a new DDoS amplification technique relying on the TFTP protocol. A group of security experts from the Edinburgh Napier University (Boris Sieklik, Richard Macfarlane and Prof. William Buchanan) have discovered a new vector for DDoS amplification attacks. Recently the security community has discovered several ways […]

DDoS-for-hire service

A group of security researchers from the Edinburgh Napier University elaborated a new DDoS amplification technique relying on the TFTP protocol.

A group of security experts from the Edinburgh Napier University (Boris Sieklik, Richard Macfarlane and Prof. William Buchanan) have discovered a new vector for DDoS amplification attacks. Recently the security community has discovered several ways to launch powerful amplification attacks by exploiting misconfigured services such as DNS or Network Time Protocol (NTP), now experts have found a way to exploit also the TFTP protocol (Trivial File Transfer Protocol).

The experts discovered that attackers could exploit TFTP to obtain a significant amplification factor for their attack, and unfortunately the port scanning research  conducted for the “Internet Census 2012 ” indicates the presence on the Internet of roughly 599,600 publicly open TFTP servers.

TFTP protocol to launch DDoS amplification attacks

The researchers contacted by El Reg confirmed that the techniques could allow obtaining an amplification factor equal to 60.

“The discovered vulnerability could allow hackers to use these publicly open servers to amplify their traffic, similarly to other DDoS amplification attacks like DNS amplification. If all specific conditions are met this traffic can be applied up to 60 times the original amount,” the researcher Boris Sieklik told El Reg.

“I also studied effects of this attack on different TFTP software implementations and found that most implementations automatically retransmit the same message up to six times, which also contributes to the amplification.”

The TFTP protocol (Trivial File Transfer Protocol) is a simplified version of FTP (File Transfer Protocol) mainly used in local area networks. TFTP is very simple to implement for this reason it is quite common to find TFTP server within organizations.

 

It is possible to transfer any file by using the TFTP protocol, to obtain the DDoS amplification effect an attacker can a specifically crafted request to the server with a forged return address that represents the address of the target. The response sent by the server is much bigger in size than the original request, obtaining in this way the amplification factor.

The numerous misconfigured services present on the Internet could allow to target a specific website with junk traffic composed of responses to forged web requests.

The researchers announced that they will publish the results of their discovery in the March edition of publisher Elsevier’s Computers & Security journal, it will also include indications to mitigate potential TFTP DDoS amplification attacks.

Pierluigi Paganini

(Security Affairs – TFTP DDoS amplification, hacking)