Zero-friction vulnerability management platform
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.Install Now
Available for macOS, Windows, and Linux
UBNT Discovery Protocol Amplification Attack
A publicly access Ubiquity device exposing the UBNT Discovery Protocol can be exploited to participate in a Distributed Denial of Service (DDoS) attack.
There are reports that there are ongoing attacks against devices with UBNT Discovery Protocol reachable which either result in a loss of device management or are used as a weak DDoS amplificatior. The basic attack technique consists of an attacker sending a valid query request to a UBNT server with the source address spoofed to be the victim's address. Since UBNT Discovery Protocol uses UDP this is trivialy done. When the UBNT server sends the response, it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim (the amplification factor is around 30-35x). By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort.
Checks if the UBNT Discovery Protocol is reachable.
Ubiquiti recommends to block port 10001/udp at the perimeter.