Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

UBNT Discovery Protocol Amplification Attack

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Workaround

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

A publicly access Ubiquity device exposing the UBNT Discovery Protocol can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

Insight

Insight

There are reports that there are ongoing attacks against devices with UBNT Discovery Protocol reachable which either result in a loss of device management or are used as a weak DDoS amplificatior. The basic attack technique consists of an attacker sending a valid query request to a UBNT server with the source address spoofed to be the victim's address. Since UBNT Discovery Protocol uses UDP this is trivialy done. When the UBNT server sends the response, it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim (the amplification factor is around 30-35x). By leveraging a botnet to perform additional spoofed queries, an attacker can produce an overwhelming amount of traffic with little effort.

Detection Method

Detection Method

Checks if the UBNT Discovery Protocol is reachable.

Solution

Solution

Ubiquiti recommends to block port 10001/udp at the perimeter.